Security News > 2021 > December > SolarWinds Hackers Targeting Government and Business Entities Worldwide
Nobelium, the threat actor attributed to the massive SolarWinds supply chain compromise, has been once again linked to a series of attacks targeting multiple cloud solution providers, services, and reseller companies, as the hacking group continues to refine and retool its tactics at an alarming pace in response to public disclosures.
The revelations come exactly a year after details emerged of a Kremlin-backed hacking campaign that breached the servers of network management provider SolarWinds to distribute tainted software binaries to a number of high-profile customers, including nine U.S. federal agencies.
Ever since the SolarWinds incident came to light, the APT group has been connected to a string of attacks aimed at think tanks, businesses, and government entities around the globe, even as an ever-expanding malware toolbox has been put to use with the goal of establishing a foothold in the attacked system and downloading other malicious components.
In late October 2021, Microsoft took the wraps off an intrusion campaign that compromised as many as 14 downstream customers of multiple cloud service providers, managed service providers, and other IT services organizations.
The poisoning attacks worked by breaking into the service providers, subsequently using the privileged access and credentials belonging to these providers to strike a wide range of organizations that relied on the CSPs. Top-notch operational security and advanced tradecraft.
"Many MFA providers allow for users to accept a phone app push notification or to receive a phone call and press a key as a second factor. The threat actor took advantage of this and issued multiple MFA requests to the end user's legitimate device until the user accepted the authentication, allowing the threat actor to eventually gain access to the account."
News URL
https://thehackernews.com/2021/12/solarwinds-hackers-targeting-government.html