On Friday, June 25, Microsoft revealed that a new set of attacks had been carried out by Nobelium (APT 29), the same group to which the SolarWinds attacks were attributed last year. The group used password sprays and brute-force attacks to access Microsoft customer accounts. So far, only three organizations are known to have been breached, and they are currently being notified. It has also come to light that a staff member at Microsoft was compromised, and it was disclosed that an information stealer was found on the victim’s host machine. The malware was designed to collect information on a small number of customers from the staff member’s computer.