Microsoft Warns of Continued Supply-Chain Attacks by the Nobelium Hacker Group (Security News, October 2021)
Nobelium, the threat actor behind the SolarWinds compromise in December 2020, has been behind a new wave of attacks that compromised 14 downstream customers of multiple cloud service providers, managed service providers, and other IT services organizations, illustrating the adversary's continuing interest in targeting the supply chain via the "Compromise-one-to-compromise-many" approach.
Microsoft, which disclosed details of the campaign on Monday, said it notified more than 140 resellers and technology service providers since May. Between July 1 and October 19, 2021, Nobelium is said to have singled out 609 customers, who were collectively attacked a grand total of 22,868 times.
"This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling - now or in the future - targets of interest to the Russian government," said Tom Burt, Microsoft's corporate vice president of customer security and trust.
The newly disclosed attacks do not exploit any specific security weaknesses in software but rather leverage a diverse range of techniques such as password spraying, token theft, API abuse, and spear-phishing to siphon credentials associated with privileged accounts of service providers, enabling the attackers to move laterally in cloud environments and mount further intrusions.
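As an added example (not from the article or from Microsoft's advisory), here is a simple password-spray heuristic a reseller or service provider could run over its own sign-in logs: one source address failing against many distinct accounts inside a short window, plus any success from that address afterwards, which is the credential the spray most likely yielded. The event shape, account names and addresses are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events in a simplified, Azure AD-like shape (sample data, not real logs).
SAMPLE_EVENTS = [
    # one source address trying many partner-admin accounts in a few minutes: a spray
    {"ts": "2021-10-18T02:00:05Z", "user": "admin1@reseller.example", "ip": "203.0.113.7", "status": "failure"},
    {"ts": "2021-10-18T02:01:10Z", "user": "admin2@reseller.example", "ip": "203.0.113.7", "status": "failure"},
    {"ts": "2021-10-18T02:02:31Z", "user": "helpdesk@reseller.example", "ip": "203.0.113.7", "status": "failure"},
    {"ts": "2021-10-18T02:03:44Z", "user": "admin3@reseller.example", "ip": "203.0.113.7", "status": "failure"},
    {"ts": "2021-10-18T02:05:02Z", "user": "billing@reseller.example", "ip": "203.0.113.7", "status": "failure"},
    {"ts": "2021-10-18T02:06:15Z", "user": "admin4@reseller.example", "ip": "203.0.113.7", "status": "success"},
    # one user mistyping a password repeatedly: many failures, one account, not a spray
    {"ts": "2021-10-18T09:00:00Z", "user": "alice@reseller.example", "ip": "198.51.100.4", "status": "failure"},
    {"ts": "2021-10-18T09:00:20Z", "user": "alice@reseller.example", "ip": "198.51.100.4", "status": "failure"},
    {"ts": "2021-10-18T09:00:40Z", "user": "alice@reseller.example", "ip": "198.51.100.4", "status": "failure"},
    {"ts": "2021-10-18T09:01:00Z", "user": "alice@reseller.example", "ip": "198.51.100.4", "status": "success"},
    # two failures hours apart: never enough distinct accounts in one window
    {"ts": "2021-10-18T10:00:00Z", "user": "bob@reseller.example", "ip": "192.0.2.9", "status": "failure"},
    {"ts": "2021-10-18T14:00:00Z", "user": "carol@reseller.example", "ip": "192.0.2.9", "status": "failure"},
]


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect_password_spray(events, min_accounts=4, window=timedelta(minutes=30)):
    """Flag source IPs whose failed sign-ins touch >= min_accounts distinct accounts
    within any `window`, and list successes from that IP after the spray began."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append((_parse(e["ts"]), e["user"], e["status"]))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        fails = [(t, u) for t, u, s in rows if s == "failure"]
        for i, (start, _) in enumerate(fails):
            # distinct accounts failed from this IP in the window starting at this failure
            users = {u for t, u in fails[i:] if t - start <= window}
            if len(users) >= min_accounts:
                successes = sorted({u for t, u, s in rows if s == "success" and t >= start})
                findings[ip] = {"accounts": sorted(users), "later_success": successes}
                break
    return findings
```

The thresholds are deliberately low for the sample; in production tune `min_accounts` and `window` to the tenant's baseline and weight hits on privileged or partner-delegated accounts higher.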
The attacks are yet another manifestation of Nobelium's oft-repeated tactics: the group has repeatedly been found abusing the trust relationships enjoyed by service providers to burrow into multiple victims of interest for intelligence gain.
The development also arrives less than a month after the tech giant revealed a new passive and highly targeted backdoor dubbed "FoggyWeb," deployed by the hacking group to deliver additional payloads and steal sensitive information from Active Directory Federation Services (AD FS) servers.