Friday, June 14, 2024

Russian Threat Group Nobelium Attacking 14 IT Supply Chains & 140 MSPs

The notorious hacking group, Nobelium is the main culprit who organized the sensational cyberattack on the American software manufacturer SolarWinds. However, the latest wave of Nobelium aimed at the resellers and other tech service providers in the cloud. In short, they have targeted 14 IT supply chains and 140 MSPs in their latest attack wave.

Since May of this year, this Russian threat group Nobelium carried out attacks on resellers and other providers of technology services, for deployment and management of cloud services to get access to the IT networks of their customers.

Nobelium is the elite hacking group of Russia’s SVR foreign intelligence agency, and this group is also known as “Cozy Bear.” While Microsoft has notified more than 140 resellers and technology service providers since May that are targeted by the Nobelium.

The SolarWinds hack went unnoticed for most of 2020, and when the whole incident was discovered it became a very embarrassing moment for Washington.

Not only that even Nobelium also compromised several US government agencies that include:-

  • The Department of Justice
  • The Department of Homeland Security (DHS)
  • The Cybersecurity and Infrastructure Agency (CISA)
  • The United States Treasury

From the above-mentioned departments, the Department of Justice is the one from which Nobelium compromised 80% of the email accounts that were used by the US prosecutors’ offices in New York.

More than 22,868 times the threat actors of the Nobelium group have attacked 609 customers between July 1 and October 19 this year. While Microsoft notified 20,500 times over the past three years all its customers about the cyberattacks from state-sponsored hacking groups.

The devastating effects of the long-undetected SolarWinds hack clearly show the success rate of Russian state-sponsored hackers and the success rate is about 32%, while in the previous 12 months it was at 21%.

In these attacks, they have used well-known techniques, like password spray and phishing, by executing these attacks they managed to steal legitimate credentials and gain privileged access.

Security activities of Microsoft

Here are the improvements that are done by Mircosoft to protect and secure their ecosystem:-

  • In September 2020, to access Partner Center and to use delegated administrative privilege (DAP) to manage a customer environment Microsoft rolled out MFA.
  • On October 15, to strengthen security controls Microsoft launched a program to provide two years of an Azure Active Directory Premium plan for free.
  • To help organizations identify and respond to these attacks promptly Microsoft has added detections in its security tools like Microsoft Cloud App Security (MCAS), M365 Defender, Azure Defender, and Azure Sentinel.
  • To provide privileged access to resellers Microsoft currently steering new and more granular features for organizations.
  • To enable partners and customers to control and audit their delegated privileged accounts and remove unnecessary authority, Microsoft added new security mechanisms to its monitoring system.
  • Microsoft is also working closely with its partners to assess and remove unnecessary privileges and access.

Nobelium in their recent attacks did not exploit any software vulnerabilities, unlike last year’s campaign, as this time they resorted to the techniques like phishing and Password Spraying to steal credentials.

However, a technical guide that describes how Nobelium tries to move laterally through networks to reach intermediate customers has been already published by Microsoft, and it has also informed all the affected vendors as well.

Looking for Best WAF Solutions for your web applications environment?? Register for Free WAF webinar & explore the experts thoughts and Choose the Best one.. Very limited seats available.. grab it here at .


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles