Microsoft Warns of Continued Supply-Chain Attacks by the Nobelium Hacker Group
Nobelium, the threat actor behind the SolarWinds compromise disclosed in December 2020, is behind a new wave of attacks that compromised 14 downstream customers of multiple cloud service providers, managed service providers, and other IT services organizations, illustrating the adversary's continuing interest in targeting the supply chain via a "compromise one to compromise many" approach.
Microsoft, which disclosed details of the campaign on Monday, said it has notified more than 140 resellers and technology service providers targeted since May. Between July 1 and October 19, 2021, Nobelium singled out 609 customers, who were collectively attacked 22,868 times.
"This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling - now or in the future - targets of interest to the Russian government," said Tom Burt, Microsoft's corporate vice president of customer security and trust.
The newly disclosed attacks do not exploit a specific software vulnerability. Instead they rely on a range of techniques such as password spraying, token theft, API abuse, and spear-phishing to steal credentials for privileged accounts at service providers, which lets the attackers move laterally into the cloud environments of those providers' downstream customers and mount further intrusions.
The attacks are another instance of Nobelium's recurring tactic of abusing the trust relationships service providers enjoy with their customers to burrow into multiple victims of interest for intelligence gain.
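Because the intrusions start with stolen credentials rather than an exploit, the defender's signal is in sign-in logs. As an added example (not from the article and not Microsoft's guidance), the Python below flags the low-and-slow shape of a password spray: one source IP failing against many distinct accounts with only one or two attempts each, followed by a success against one of the sprayed accounts. The record shape and the 50126 error code ("invalid username or password") follow Azure AD's sign-in log format; the events, users, IPs and thresholds are constructed for this example.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in an Azure AD-style sign-in record shape (assumption for this
# example). errorCode 50126 = invalid username/password, 0 = successful sign-in.
# Users and IPs are made up; 203.0.113.0/24 etc. are documentation ranges.
SAMPLE_SIGNINS = [
    # one IP walks six accounts with one guess each, then lands on erin
    {"createdDateTime": "2021-10-03T02:00:00Z", "userPrincipalName": "alice@contoso.example", "ipAddress": "203.0.113.7", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-10-03T02:03:00Z", "userPrincipalName": "bob@contoso.example",   "ipAddress": "203.0.113.7", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-10-03T02:06:00Z", "userPrincipalName": "carol@contoso.example", "ipAddress": "203.0.113.7", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-10-03T02:09:00Z", "userPrincipalName": "dave@contoso.example",  "ipAddress": "203.0.113.7", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-10-03T02:12:00Z", "userPrincipalName": "erin@contoso.example",  "ipAddress": "203.0.113.7", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-10-03T02:15:00Z", "userPrincipalName": "frank@contoso.example", "ipAddress": "203.0.113.7", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-10-03T02:40:00Z", "userPrincipalName": "erin@contoso.example",  "ipAddress": "203.0.113.7", "status": {"errorCode": 0}},
    # a different IP hammering a single account: brute force, not a spray
    {"createdDateTime": "2021-10-03T02:00:00Z", "userPrincipalName": "alice@contoso.example", "ipAddress": "198.51.100.9", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-10-03T02:01:00Z", "userPrincipalName": "alice@contoso.example", "ipAddress": "198.51.100.9", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-10-03T02:02:00Z", "userPrincipalName": "alice@contoso.example", "ipAddress": "198.51.100.9", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-10-03T02:03:00Z", "userPrincipalName": "alice@contoso.example", "ipAddress": "198.51.100.9", "status": {"errorCode": 50126}},
    # ordinary successful sign-in from a third IP
    {"createdDateTime": "2021-10-03T08:00:00Z", "userPrincipalName": "carol@contoso.example", "ipAddress": "192.0.2.5", "status": {"errorCode": 0}},
]

BAD_PASSWORD = 50126


def parse_events(events):
    """Yield (timestamp, user, ip, errorCode) tuples from Azure AD-style records."""
    for e in events:
        ts = datetime.strptime(e["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, e["userPrincipalName"].lower(), e["ipAddress"], e["status"]["errorCode"]


def detect_password_spray(events, window=timedelta(hours=1), min_users=5, max_per_user=2):
    """Flag source IPs that fail against >= min_users distinct accounts inside one window
    while never exceeding max_per_user guesses per account (the spray signature), and
    report any later success from that IP against one of the sprayed accounts."""
    by_ip = defaultdict(list)
    for ts, user, ip, code in sorted(parse_events(events)):
        by_ip[ip].append((ts, user, code))

    findings = []
    for ip, rows in by_ip.items():
        failures = [(ts, u) for ts, u, c in rows if c == BAD_PASSWORD]
        for i, (start, _) in enumerate(failures):
            attempts = defaultdict(int)
            for ts, u in failures[i:]:
                if ts - start <= window:
                    attempts[u] += 1
            if len(attempts) >= min_users and max(attempts.values()) <= max_per_user:
                sprayed = set(attempts)
                # a success against a sprayed account after the spray began is the
                # event worth paging on: the guess most likely worked
                hits = sorted({u for ts, u, c in rows if c == 0 and u in sprayed and ts >= start})
                findings.append({
                    "ip": ip,
                    "window_start": start.isoformat(),
                    "accounts_targeted": len(attempts),
                    "successes": hits,
                })
                break  # one finding per IP is enough for triage
    return findings


if __name__ == "__main__":
    print(json.dumps(detect_password_spray(SAMPLE_SIGNINS), indent=2))
```

The brute-force IP is deliberately not flagged: four guesses at one account trips per-account lockout rules, whereas a spray stays under them by design, which is why the detection keys on distinct accounts per source rather than attempts per account. In production the same logic should also be run with a proxy or ASN grouping, since a spray spread over many source IPs will not cluster on `ipAddress` alone.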
The development also arrives less than a month after the tech giant revealed a new passive and highly targeted backdoor dubbed "FoggyWeb" deployed by the hacking group to deliver additional payloads and steal sensitive information from Active Directory Federation Services servers.