Nobelium - Long Term Threat Activity

The Russian nation-state actor Nobelium is picking new targets. Thought to be the perpetrator behind the wide ranging cyber attacks on SolarWinds customers in 2020 and which the US government and others have identified as being part of Russia’s foreign intelligence service known as the SVR.

Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global IT supply chain. 

This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customise, deploy and manage cloud services and other technologies on behalf of their customers. Researchers at Microsoft told the New York Times they believe Nobelium's method is to take advantage of the direct access privileges that that resellers are often granted to their customers’ IT systems. 

The allows the hackers to  impersonate an organisation’s trusted technology partner to gain access to their downstream customers. 

Microsoft researchers became aware of  this latest campaign in May 2021 and have been notifying those considered to be at risk,  while developing new technical assistance and guidance for resellers. Since May, they have notified more than 140 resellers and technology service providers that have been targeted by Nobelium. 'We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.' according to Microsoft.

Microsoft discovered the Nobelium campaign during its early stages, and are sharing these developments to help cloud service resellers, technology providers, and their customers to take prompt action to repel  Nobelium .

These attacks were part of a larger wave of Nobelium activities this year. Between July and October this year, Microsoft informed 609 customers that they had been attacked 22,868 times by Nobelium, although with a very low success rate. By comparison, prior to July this year Microsoft had notified customers about attacks from all nation-state actors 20,500 times over the past three years.

This recent activity is a clear indicator that Russia is trying to gain long-term, systematic access to a variety of points in the US technology industry's supply chain and establish a mechanism for surveillance and possible future disruption at targets of interest to the Russian government. 

Microsoft:     Insurance Journal:    NPR:    Fortune:      ITPro

You Might Also Read: 

A Successful Solar Winds Investigation:

 

« Hackers Achieve Widespread Penetration Of Defense Contractors
British Students Learn About Ethical Hacking »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CERT.hr

CERT.hr

CERT.hr is the national authority competent for prevention and protection from computer threats to public information systems in the Republic of Croatia.

Vaddy

Vaddy

Vaddy provide an automatic web vulnerability scanner for DevOps that performs robust security checks to ensure that web app code is secure.

Allegro Software

Allegro Software

Allegro provide secure software for the Internet of Things.

BMS Group

BMS Group

BMS is an independent, employee-owned specialist insurance broking group. Broking solutions include Cyber and Technology.

Cyberwrite

Cyberwrite

Cyberwrite was founded to provide underwriters around the world a unique and innovative Cyber Underwriting platform.

Paygilant

Paygilant

Paygilant’s disruptive technology is designed to protect mobile payment  financial transactions against fraudulent attacks, whether executed by NFC, QR code, P2P or in-app.

TeachPrivacy

TeachPrivacy

TeachPrivacy provides computer-based privacy and data security training that is engaging, memorable, and understandable.

Sysorex Government Services

Sysorex Government Services

Sysorex Government Services helps customers meet their strategic missions by providing secure, optimized IT solutions that allow them to perform more efficiently and effectively.

Outsource UK

Outsource UK

Outsource UK is an independent recruitment company supplying highly-skilled technology, change and engineering talent to clients within a range of specialist sectors including Cyber Security.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

Perch Security

Perch Security

Perch is a co-managed threat detection and response platform backed by an in-house Security Operations Center (SOC).

World Informatix Cyber Security (WICS)

World Informatix Cyber Security (WICS)

World Informatix Cyber Security provides a range of cyber security services to protect valuable information assets to global business and governments.

Stryve

Stryve

Stryve is a leading carbon-neutral provider of specialist cloud and cybersecurity services in Europe.

N2K Networks

N2K Networks

N2K Networks is the world’s first “news to knowledge” network. The news to knowledge network is how you stay at the cutting edge in a rapidly changing world.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

Resonance Security

Resonance Security

Resonance offers powerful cybersecurity aggregation software that makes protecting against full spectrum cybersecurity threats effortless no matter what your technical level, budget, or scope.