Microsoft said that since May 2021, the Nobelium group hacked at least 14 IT companies

Microsoft experts said that the Nobelium hack group (aka APT 29, Cozy Bear or The Dukes) is still carrying out attacks on the IT supply chain. According to experts, since May 2021, 140 managed service providers (MSP) and cloud services have been attacked, and at least 14 of them have been hacked.

Let me remind you that, according to experts, Nobelium is connected with the Russian government, and it is named responsible for last year’s hack of SolarWinds, which became one of the largest attacks on the supply chain in history.

Microsoft experts say that all of the attacks now detected were part of a well-planned campaign that began in May this year.

These attacks are not the result of a product security vulnerability but rather a continuation of NOBELIUM’s use of a diverse and dynamic toolkit that includes sophisticated malware, password sprays, supply chain attacks, token theft, API abuse, and spear phishing to compromise user accounts and leverage the access of those accounts.The Microsoft Threat Intelligence Center (MSTIC) specialists write.

Typically, hackers relied on spear phishing and brute-force attacks, targeting reseller employees and technology service providers who manage IT and cloud infrastructure on behalf of their customers.

Nobelium targets

We believe that Nobelium ultimately hopes to leverage whatever direct access resellers may have to their customers’ IT systems to easily impersonate the organization’s trusted technology partner and gain access to downstream customers. These attacks were part of a broader Nobelium activity this summer. In fact, from July 1 to October 19 of this year, we informed 609 customers that they were attacked by Nobelium 22,868 times (with a low success rate). In comparison, over the past three years, we have notified clients of attacks from any ‘government hacker’ 20,500 times.says the Microsoft report.

Indicators of compromise are already available in the company’s report.

Let me remind that we also wrote that Hacker group LightBasin hacked 13 telecoms in the last two years.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button