
Microsoft said that since May 2021, the Nobelium group hacked at least 14 IT companies

Microsoft experts say that the Nobelium hack group (aka APT29, Cozy Bear or The Dukes) is still carrying out attacks on the IT supply chain. According to the company, since May 2021 around 140 managed service providers (MSPs) and cloud service providers have been targeted, and at least 14 of them have been compromised.

Let me remind you that, according to experts, Nobelium is linked to the Russian government and is held responsible for last year's SolarWinds hack, which became one of the largest supply chain attacks in history.

Microsoft experts say that all of the attacks now detected were part of a well-planned campaign that began in May this year.

The Microsoft Threat Intelligence Center (MSTIC) specialists write:

"These attacks are not the result of a product security vulnerability but rather a continuation of NOBELIUM's use of a diverse and dynamic toolkit that includes sophisticated malware, password sprays, supply chain attacks, token theft, API abuse, and spear phishing to compromise user accounts and leverage the access of those accounts."

In practice, the attackers relied mainly on spear phishing and on password spraying and similar brute-force attacks, targeting employees of resellers and technology service providers who manage IT and cloud infrastructure on behalf of their customers. Unlike a brute-force attack on a single account, a password spray tries one or two common passwords against many accounts, so each account sees only a failure or two and per-account lockout thresholds are never reached.
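The password spraying mentioned above is recognisable in sign-in logs by its shape: one source address failing against many distinct accounts with only a few attempts each, rather than many attempts against one account. The following detector is an added example written for this page, not code from Microsoft's report or from the article; the sign-in records are constructed samples, and the comma-separated field layout (timestamp, source IP, user, result, failure reason) is an assumption standing in for whatever export your identity provider produces.

```python
"""Flag password-spray patterns in sign-in records: one source IP failing
against many distinct accounts with few attempts per account, and report
whether the same source later signed in successfully."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Layout is an assumption:
# timestamp,source_ip,user,result,reason
SAMPLE_EVENTS = [
    # Spray from 203.0.113.7: five accounts, one failure each, then a success.
    "2021-09-14T10:00:01Z,203.0.113.7,alice@example.com,failure,InvalidPassword",
    "2021-09-14T10:01:15Z,203.0.113.7,bob@example.com,failure,InvalidPassword",
    "2021-09-14T10:02:30Z,203.0.113.7,carol@example.com,failure,InvalidPassword",
    "2021-09-14T10:03:45Z,203.0.113.7,dave@example.com,failure,InvalidPassword",
    "2021-09-14T10:05:00Z,203.0.113.7,erin@example.com,failure,InvalidPassword",
    "2021-09-14T10:06:20Z,203.0.113.7,frank@example.com,success,-",
    # Legitimate user mistyping a password from home, then getting it right.
    "2021-09-14T10:02:00Z,198.51.100.5,alice@example.com,failure,InvalidPassword",
    "2021-09-14T10:02:20Z,198.51.100.5,alice@example.com,failure,InvalidPassword",
    "2021-09-14T10:02:40Z,198.51.100.5,alice@example.com,failure,InvalidPassword",
    "2021-09-14T10:03:00Z,198.51.100.5,alice@example.com,failure,InvalidPassword",
    "2021-09-14T10:03:30Z,198.51.100.5,alice@example.com,success,-",
    # Two failures from an office address: below the distinct-user threshold.
    "2021-09-14T11:00:00Z,192.0.2.9,bob@example.com,failure,InvalidPassword",
    "2021-09-14T11:00:30Z,192.0.2.9,carol@example.com,failure,InvalidPassword",
]


def parse_events(lines):
    """Parse the assumed CSV layout into dicts with a real datetime."""
    events = []
    for line in lines:
        ts, ip, user, result, reason = line.strip().split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip,
            "user": user.lower(),
            "result": result,
            "reason": reason,
        })
    return events


def detect_password_spray(events, window=timedelta(hours=1),
                          min_users=5, max_per_user=3):
    """Return {source_ip: finding} for every source that, inside any
    `window`, failed against at least `min_users` distinct accounts while
    never exceeding `max_per_user` failures for a single account.

    The per-user cap is what separates a spray from a brute-force attack
    on one account; the distinct-user floor is what separates it from a
    user who simply forgot their password."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        bucket = failures if e["result"] == "failure" else successes
        bucket[e["ip"]].append(e)

    findings = {}
    for ip, fails in failures.items():
        # Slide the window start over each failure from this source.
        for i, start in enumerate(fails):
            per_user = defaultdict(int)
            for e in fails[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # Any success from the same source after the spray began is
                # a candidate compromised account and should be reviewed first.
                later = {e["user"] for e in successes[ip] if e["ts"] >= start["ts"]}
                findings[ip] = {
                    "window_start": start["ts"].isoformat(),
                    "users_targeted": sorted(per_user),
                    "compromised_candidates": sorted(later),
                }
                break
    return findings


if __name__ == "__main__":
    for ip, finding in detect_password_spray(parse_events(SAMPLE_EVENTS)).items():
        print(ip, finding)
```

Tune `min_users` and `window` to your tenant's size; a spray against an MSP with a few thousand accounts typically spreads over hours or days and rotates source addresses, so in production the grouping key is better taken from a combination of ASN, user agent and sign-in client rather than the raw IP alone.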

Nobelium targets

The Microsoft report says:

"We believe that Nobelium ultimately hopes to leverage whatever direct access resellers may have to their customers' IT systems to easily impersonate the organization's trusted technology partner and gain access to downstream customers. These attacks were part of a broader Nobelium activity this summer. In fact, from July 1 to October 19 of this year, we informed 609 customers that they were attacked by Nobelium 22,868 times (with a low success rate). In comparison, over the past three years, we have notified clients of attacks from any 'government hacker' 20,500 times."

Indicators of compromise are already available in the company’s report.

Let me remind you that we also wrote that the LightBasin hacker group compromised 13 telecoms in the last two years.


Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
