Nobelium - Long Term Threat Activity

Uploaded on 2021-11-22 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

The Russian nation-state actor Nobelium is picking new targets. Thought to be the perpetrator behind the wide ranging cyber attacks on SolarWinds customers in 2020 and which the US government and others have identified as being part of Russia’s foreign intelligence service known as the SVR.

Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global IT supply chain. 

This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customise, deploy and manage cloud services and other technologies on behalf of their customers. Researchers at Microsoft told the New York Times they believe Nobelium's method is to take advantage of the direct access privileges that that resellers are often granted to their customers’ IT systems. 

The allows the hackers to  impersonate an organisation’s trusted technology partner to gain access to their downstream customers. 

Microsoft researchers became aware of  this latest campaign in May 2021 and have been notifying those considered to be at risk,  while developing new technical assistance and guidance for resellers. Since May, they have notified more than 140 resellers and technology service providers that have been targeted by Nobelium. 'We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.' according to Microsoft.

Microsoft discovered the Nobelium campaign during its early stages, and are sharing these developments to help cloud service resellers, technology providers, and their customers to take prompt action to repel  Nobelium .

These attacks were part of a larger wave of Nobelium activities this year. Between July and October this year, Microsoft informed 609 customers that they had been attacked 22,868 times by Nobelium, although with a very low success rate. By comparison, prior to July this year Microsoft had notified customers about attacks from all nation-state actors 20,500 times over the past three years.

This recent activity is a clear indicator that Russia is trying to gain long-term, systematic access to a variety of points in the US technology industry's supply chain and establish a mechanism for surveillance and possible future disruption at targets of interest to the Russian government. 

Microsoft:     Insurance Journal:    NPR:    Fortune:      ITPro

You Might Also Read: 

A Successful Solar Winds Investigation:

 

« Hackers Achieve Widespread Penetration Of Defense Contractors
British Students Learn About Ethical Hacking »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Civica

Civica

Civica provides cloud-based managed IT services, hosting and outsourcing.

Software Testing News

Software Testing News

Software Testing News provides the latest news in the industry; from the most up-to-date reports in web security to the latest testing tool that can help you perform better.

Attivo Networks

Attivo Networks

Attivo Networks is an award winning provider of deception for in-network threat detection, attack forensic analysis, and continuous threat response.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

360 Total Security

360 Total Security

360 company is the largest provider of Internet and mobile security products in China.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Slice

Slice

Slice offer subscription based Cyber Insurance for small businesses.

DataDog

DataDog

DataDog provides Cloud-native Security Monitoring. Real-time threat detection across your applications, network, and infrastructure.

Enginsight

Enginsight

Enginsight provides a comprehensive solution for monitoring and securing your servers and clients.

Cyber Security Canada

Cyber Security Canada

Cyber Security Canada is an accredited Certification Body for government-backed Cyber Security Certification Programs, designed specifically for small and medium-sized Canadian businesses.

Cyber Security Authority (CSA) - Ghana

Cyber Security Authority (CSA) - Ghana

The Cyber Security Authority has been established to regulate cybersecurity activities in Ghana.

Mission Critical Partners (MCP)

Mission Critical Partners (MCP)

Mission Critical Partners is committed to delivering innovative solutions that help our clients enhance and evolve their critical-communications systems and operations.

SilverEdge Government Solutions

SilverEdge Government Solutions

SilverEdge is a next generation provider of innovative and proprietary cybersecurity, software, and intelligence solutions for the Defense and Intelligence Communities.

Kompleye

Kompleye

Kompleye is a recognized cybersecurity and compliance audit organization that offer a comprehensive solution for different industries.

Tech Data

Tech Data

Tech Data, a TD Synnex company, is a leading global distributor and solutions aggregator for the IT ecosystem.