Nobelium - Long Term Threat Activity

Uploaded on 2021-11-22 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

The Russian nation-state actor Nobelium is picking new targets. Thought to be the perpetrator behind the wide ranging cyber attacks on SolarWinds customers in 2020 and which the US government and others have identified as being part of Russia’s foreign intelligence service known as the SVR.

Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global IT supply chain. 

This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customise, deploy and manage cloud services and other technologies on behalf of their customers. Researchers at Microsoft told the New York Times they believe Nobelium's method is to take advantage of the direct access privileges that that resellers are often granted to their customers’ IT systems. 

The allows the hackers to  impersonate an organisation’s trusted technology partner to gain access to their downstream customers. 

Microsoft researchers became aware of  this latest campaign in May 2021 and have been notifying those considered to be at risk,  while developing new technical assistance and guidance for resellers. Since May, they have notified more than 140 resellers and technology service providers that have been targeted by Nobelium. 'We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.' according to Microsoft.

Microsoft discovered the Nobelium campaign during its early stages, and are sharing these developments to help cloud service resellers, technology providers, and their customers to take prompt action to repel  Nobelium .

These attacks were part of a larger wave of Nobelium activities this year. Between July and October this year, Microsoft informed 609 customers that they had been attacked 22,868 times by Nobelium, although with a very low success rate. By comparison, prior to July this year Microsoft had notified customers about attacks from all nation-state actors 20,500 times over the past three years.

This recent activity is a clear indicator that Russia is trying to gain long-term, systematic access to a variety of points in the US technology industry's supply chain and establish a mechanism for surveillance and possible future disruption at targets of interest to the Russian government. 

Microsoft:     Insurance Journal:    NPR:    Fortune:      ITPro

You Might Also Read: 

A Successful Solar Winds Investigation:

 

« Hackers Achieve Widespread Penetration Of Defense Contractors
British Students Learn About Ethical Hacking »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Vertical Structure

Vertical Structure

Vertical Structure services include Security & Penetration Testing, Information Assurance, Bespoke Training Programs and Secure Hosting.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

Anglo African

Anglo African

Anglo African is an information technology firm providing end-to-end solutions to different industries, from IT Infrastructure to DataCom as well as Cloud & InfoSec services.

NTIC Cyber Center

NTIC Cyber Center

NTIC Cyber Center is an organization dedicated to making the National Capital Region (Washington DC) more resilient to cyber-attacks.

Eco Recycling (Ecoreco)

Eco Recycling (Ecoreco)

Eco Recycling is India's first and leading professional E-waste Management Company that has set industry benchmarks with its innovative & environment friendly disposal practices.

UK Research & Innovation (UKRI)

UK Research & Innovation (UKRI)

UKRI works in partnership with universities, research organisations, businesses, charities, and government to create the best possible environment for research and innovation to flourish.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

CyGlass

CyGlass

CyGlass simply and effectively identifies, detects, and responds to threats to your network without requiring any additional hardware, software, or people.

Ridge Canada Cyber Solutions

Ridge Canada Cyber Solutions

Ridge Canada helps insurance brokers and insurance buyers understand, evaluate, and secure cyber coverage that is tailored to their business.

Armexa

Armexa

Armexa is a leading provider of advanced industrial cybersecurity solutions that protect your critical OT and ICS infrastructure against ever-changing threats.

Chartered Institute of Information Security (CIISec)

Chartered Institute of Information Security (CIISec)

CIISec is dedicated to helping individuals and organisations develop capability and competency in cyber security.

Paperclip

Paperclip

Paperclip provides paperless solutions while enabling compliance and security for the exchange of critical content.

Elba

Elba

Employee security needs to be reinvented. SaaS security needs to involve end-user and awareness needs to be actionable. Meet elba, the 5-in-one cybersecurity hub with no compromises.

NetHope

NetHope

NetHope is a membership-based organization serving the international nonprofit humanitarian, development, and conservation sector through digital transformation.

Camelot Secure

Camelot Secure

Camelot Secure Secure360 platform is a holistic redefinition of what world-class cybersecurity strategies can be. Prepare. Protect. Deploy.

Converged Communication Solutions

Converged Communication Solutions

Converged is an independent Internet Service Provider, telephony, IT support and security specialist.