Nobelium - Long Term Threat Activity
The Russian nation-state actor Nobelium is picking new targets. Thought to be the perpetrator behind the wide ranging cyber attacks on SolarWinds customers in 2020 and which the US government and others have identified as being part of Russia’s foreign intelligence service known as the SVR.
Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global IT supply chain.
This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customise, deploy and manage cloud services and other technologies on behalf of their customers. Researchers at Microsoft told the New York Times they believe Nobelium's method is to take advantage of the direct access privileges that that resellers are often granted to their customers’ IT systems.
The allows the hackers to impersonate an organisation’s trusted technology partner to gain access to their downstream customers.
Microsoft researchers became aware of this latest campaign in May 2021 and have been notifying those considered to be at risk, while developing new technical assistance and guidance for resellers. Since May, they have notified more than 140 resellers and technology service providers that have been targeted by Nobelium. 'We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.' according to Microsoft.
Microsoft discovered the Nobelium campaign during its early stages, and are sharing these developments to help cloud service resellers, technology providers, and their customers to take prompt action to repel Nobelium .
These attacks were part of a larger wave of Nobelium activities this year. Between July and October this year, Microsoft informed 609 customers that they had been attacked 22,868 times by Nobelium, although with a very low success rate. By comparison, prior to July this year Microsoft had notified customers about attacks from all nation-state actors 20,500 times over the past three years.
This recent activity is a clear indicator that Russia is trying to gain long-term, systematic access to a variety of points in the US technology industry's supply chain and establish a mechanism for surveillance and possible future disruption at targets of interest to the Russian government.
Microsoft: Insurance Journal: NPR: Fortune: ITPro:
You Might Also Read:
A Successful Solar Winds Investigation: