Security News > 2021 > December > France warns of Nobelium cyberspies attacking French orgs

France warns of Nobelium cyberspies attacking French orgs
2021-12-06 18:46

The French national cyber-security agency ANSSI said today that the Russian-backed Nobelium hacking group behind last year's SolarWinds hack has been targeting French organizations since February 2021.

While ANSSI has not determined how Nobelium compromised email accounts belonging to French orgs, it added that the hackers used them to deliver malicious emails targeting foreign institutions.

In turn, French public orgs were also the targets of spoofed emails sent from servers belonging to foreign entities, believed to be compromised by the same threat actor.

The infrastructure used by Nobelium in the attacks against French entities was mainly set up using virtual private servers from different hosting companies.

As further reported by Microsoft in recent months, Nobelium is still targeting the global IT supply chain, having attacked 140 managed service providers and cloud service providers and breached at least 14 since May 2021.

Microsoft revealed in October that Nobelium was the most active Russian hacking group between July 2020 and June 2021, coordinating the attacks behind 92% of alerts Microsoft sent to customers regarding Russia-based threat activity.

News URL