Tuesday, March 19, 2024

Russian Threat Group Nobelium Attacking 14 IT Supply Chains & 140 MSPs

The notorious hacking group, Nobelium is the main culprit who organized the sensational cyberattack on the American software manufacturer SolarWinds. However, the latest wave of Nobelium aimed at the resellers and other tech service providers in the cloud. In short, they have targeted 14 IT supply chains and 140 MSPs in their latest attack wave.

Since May of this year, this Russian threat group Nobelium carried out attacks on resellers and other providers of technology services, for deployment and management of cloud services to get access to the IT networks of their customers.

Nobelium is the elite hacking group of Russia’s SVR foreign intelligence agency, and this group is also known as “Cozy Bear.” While Microsoft has notified more than 140 resellers and technology service providers since May that are targeted by the Nobelium.

The SolarWinds hack went unnoticed for most of 2020, and when the whole incident was discovered it became a very embarrassing moment for Washington.

Not only that even Nobelium also compromised several US government agencies that include:-

  • The Department of Justice
  • The Department of Homeland Security (DHS)
  • The Cybersecurity and Infrastructure Agency (CISA)
  • The United States Treasury

From the above-mentioned departments, the Department of Justice is the one from which Nobelium compromised 80% of the email accounts that were used by the US prosecutors’ offices in New York.

More than 22,868 times the threat actors of the Nobelium group have attacked 609 customers between July 1 and October 19 this year. While Microsoft notified 20,500 times over the past three years all its customers about the cyberattacks from state-sponsored hacking groups.

The devastating effects of the long-undetected SolarWinds hack clearly show the success rate of Russian state-sponsored hackers and the success rate is about 32%, while in the previous 12 months it was at 21%.

In these attacks, they have used well-known techniques, like password spray and phishing, by executing these attacks they managed to steal legitimate credentials and gain privileged access.

Security activities of Microsoft

Here are the improvements that are done by Mircosoft to protect and secure their ecosystem:-

  • In September 2020, to access Partner Center and to use delegated administrative privilege (DAP) to manage a customer environment Microsoft rolled out MFA.
  • On October 15, to strengthen security controls Microsoft launched a program to provide two years of an Azure Active Directory Premium plan for free.
  • To help organizations identify and respond to these attacks promptly Microsoft has added detections in its security tools like Microsoft Cloud App Security (MCAS), M365 Defender, Azure Defender, and Azure Sentinel.
  • To provide privileged access to resellers Microsoft currently steering new and more granular features for organizations.
  • To enable partners and customers to control and audit their delegated privileged accounts and remove unnecessary authority, Microsoft added new security mechanisms to its monitoring system.
  • Microsoft is also working closely with its partners to assess and remove unnecessary privileges and access.

Nobelium in their recent attacks did not exploit any software vulnerabilities, unlike last year’s campaign, as this time they resorted to the techniques like phishing and Password Spraying to steal credentials.

However, a technical guide that describes how Nobelium tries to move laterally through networks to reach intermediate customers has been already published by Microsoft, and it has also informed all the affected vendors as well.

Looking for Best WAF Solutions for your web applications environment?? Register for Free WAF webinar & explore the experts thoughts and Choose the Best one.. Very limited seats available.. grab it here at ProPhaze.

Website

Latest articles

How ANY.RUN Malware Sandbox Process IOCs for Threat Intelligence Lookup?

The database includes indicators of compromise (IOCs) and relationships between different artifacts observed within...

CryptoWire Ransomware Attacking Abuses Schedule Task To maintain Persistence

AhnLab security researchers detected a resurgence of CryptoWire, a ransomware strain originally prevalent in...

E-Root Admin Sentenced to 42 Months in Prison for Selling 350,000 Credentials

Tampa, FL – In a significant crackdown on cybercrime, Sandu Boris Diaconu, a 31-year-old...

WhiteSnake Stealer Checks for Mutex & VM Function Before Execution

A new variant of the WhiteSnake Stealer, a formidable malware that has been updated...

Researchers Hack AI Assistants Using ASCII Art

Large language models (LLMs) are vulnerable to attacks, leveraging their inability to recognize prompts...

Microsoft Deprecate 1024-bit RSA Encryption Keys in Windows

Microsoft has announced an important update for Windows users worldwide in a continuous effort...

Beware Of Free wedding Invite WhatsApp Scam That Steal Sensitive Data

The ongoing "free wedding invite" scam is one of several innovative campaigns aimed at...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles