Nobelium - Long Term Threat Activity

Uploaded on 2021-11-22 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

The Russian nation-state actor Nobelium is picking new targets. Thought to be the perpetrator behind the wide ranging cyber attacks on SolarWinds customers in 2020 and which the US government and others have identified as being part of Russia’s foreign intelligence service known as the SVR.

Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global IT supply chain. 

This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customise, deploy and manage cloud services and other technologies on behalf of their customers. Researchers at Microsoft told the New York Times they believe Nobelium's method is to take advantage of the direct access privileges that that resellers are often granted to their customers’ IT systems. 

The allows the hackers to  impersonate an organisation’s trusted technology partner to gain access to their downstream customers. 

Microsoft researchers became aware of  this latest campaign in May 2021 and have been notifying those considered to be at risk,  while developing new technical assistance and guidance for resellers. Since May, they have notified more than 140 resellers and technology service providers that have been targeted by Nobelium. 'We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.' according to Microsoft.

Microsoft discovered the Nobelium campaign during its early stages, and are sharing these developments to help cloud service resellers, technology providers, and their customers to take prompt action to repel  Nobelium .

These attacks were part of a larger wave of Nobelium activities this year. Between July and October this year, Microsoft informed 609 customers that they had been attacked 22,868 times by Nobelium, although with a very low success rate. By comparison, prior to July this year Microsoft had notified customers about attacks from all nation-state actors 20,500 times over the past three years.

This recent activity is a clear indicator that Russia is trying to gain long-term, systematic access to a variety of points in the US technology industry's supply chain and establish a mechanism for surveillance and possible future disruption at targets of interest to the Russian government. 

Microsoft:     Insurance Journal:    NPR:    Fortune:      ITPro

You Might Also Read: 

A Successful Solar Winds Investigation:

 

« Hackers Achieve Widespread Penetration Of Defense Contractors
British Students Learn About Ethical Hacking »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

Yubico

Yubico

Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

AGAT Software

AGAT Software

AGAT Software is an innovative security provider specializing in external access authentication and data protection solutions.

Data Recovery Services (DRS)

Data Recovery Services (DRS)

DRS provides data recovery services from media including hard disk drives, RAID, solid state disks SSD, memory sticks, USB drives, SD cards, tapes and mobile phones.

Neowave

Neowave

Neowave designs, manufactures and markets strong authentication solutions based on smart card components and digital certificates.

Seavus

Seavus

Seavus is a software development and consulting company with a proven track-record in providing successful enterprise-wide business solutions including Managed Security Services.

Polyrize

Polyrize

The Polyrize continuous authorization platform for SaaS and IaaS stops tomorrow's public cloud cyber threats, today.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

Security Alliance

Security Alliance

Security Alliance provide bespoke cyber intelligence consulting and research services.

SHIELD

SHIELD

SHIELD are the world’s leading cybersecurity company specializing in cyber fraud and identity solutions.

MAXXeGUARD Data Safety

MAXXeGUARD Data Safety

MAXXeGUARD: The High Security Shredder. MAXXeGUARD easily destroys hard disks up to the highest security levels as well as other digital data carriers like SSD’s, LTO’s, USB’s, CD’s etc.

Secfix

Secfix

Secfix helps companies get secure and compliant in weeks instead of months. We are on a mission to automate security and compliance for small and medium-sized businesses.

Cybersecurity Dubai

Cybersecurity Dubai

Protect your business from cyber-attacks with Cybersecurity Dubai, your partner in online security solutions.

Ipseity Security

Ipseity Security

Ipseity Security provide security-centric advisory and consulting services for organizations to secure their perimeter-less digital transformation to meet business and security requirements.

Cypherleak

Cypherleak

Cypherleak provide Automated Cyber Risk Monitoring & Ai powered cyber recommendations.