Threat Watch

Microsoft Says Russian Threat Group is Still Targeting IT Supply Chain Firms

Microsoft stated that Nobelium, the Russian-backed threat group responsible for the SolarWinds hack, has attacked 140 managed service providers (MSPs) and cloud service providers since May. Tom Burt, Corporate Vice President at Microsoft, stated that 14 of the 140 MSPs were successfully breached. In addition, more than 600 Microsoft customers were attacked, although with a low success rate. The Russian hackers use a diverse set of tools to carry out these attacks including tactics ranging from malware, password sprays, and token theft to API abuse and spear phishing. Nobelium is the hacking division of the Russian Foreign Intelligence Services and is also tracked as APT29, Cozy Bear, and The Dukes. The group continues to carryout aggressive espionage campaigns to gain long term access to systems and steal information.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Microsoft recommends that MSPs and cloud service providers, other technology organizations with elevated privileges for customer systems, and all downstream customers of these organizations review and implement the actions in the link below to help mitigate and remediate the recent NOBELIUM activity.

https://www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/

https://www.bleepingcomputer.com/news/microsoft/microsoft-russian-svr-hacked-at-least-14-it-supply-chain-firms-since-may/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support