
Microsoft warns SolarWinds hacking group Nobelium is targeting its customers

source link: https://siliconangle.com/2021/06/28/microsoft-warns-solarwinds-hacking-group-nobelium-targeting-customers/

Microsoft Corp. has warned that Nobelium, the Russian-linked hacking group behind the attack on SolarWinds Worldwide LLC, is active again and targeting Microsoft customers.

The Nobelium hacking group was last in the headlines in May. Microsoft warned at the time that the gang had targeted more than 150 organizations in a phishing campaign, with malicious emails disguised as messages from the U.S. Agency for International Development.

Nobelium is now said to be using “password spraying” and brute-force attacks, though many of those targeted were not successfully compromised. The Microsoft Security Response Center said in a June 25 warning that it’s aware of three compromised entities among its customers. “All customers that were compromised or targeted are being contacted through our nation-state notification process,” the warning noted.

The targets were primarily information technology companies, at 57% of those targeted, followed by government at 20%, then nongovernmental organizations and think tanks, as well as financial services. Some 45% of the attempted attacks targeted companies and organizations in the U.S., followed by 10% in the U.K., then smaller numbers in Germany and Canada.

In addition, Microsoft SRC detected information-stealing malware on a machine belonging to one of its customer support agents. The threat actor used the information in some cases to launch highly targeted attacks.

“The exposed hacking campaign brings compelling evidence that the overall cybersecurity hygiene is largely deficient,” Ilia Kolochenko, founder and chief executive of web security company ImmuniWeb, told SiliconANGLE. “For instance, password spraying and credential-stuffing attacks are preventable by enabling multifactor authentication, restricting access to the accounts from specific networks or at least countries, and can be easily spotted by anomaly detection systems.”

Phishing is another common phenomenon that can be mitigated by ongoing security awareness and training programs for employees, Kolochenko noted, adding that security training when combined with continuous monitoring, threat detection systems and sandboxing can reduce the risk to near zero even when an employee makes a mistake.

“Attacks on mobile devices and BYOD is another hot topic, but master data management systems can likewise artfully reduce the related cyber risks,” Kolochenko said. “Therefore, organizations need to invest in cybersecurity baselines and implement a consistent information security strategy. Otherwise, even technically unsophisticated attacks will continue their surge.”
