Microsoft Warns of Continued Supply-Chain Attacks by the Nobelium Hacker Group

Nobelium, the threat actor[1]
behind the SolarWinds compromise in December 2020, has been behind
a new wave of attacks that compromised 14 downstream customers of
multiple cloud service providers (CSP), managed service providers
(MSP), and other IT services organizations, illustrating the
adversary’s continuing interest in targeting the supply chain via
the “compromise-one-to-compromise-many” approach.

Microsoft, which disclosed details of the campaign on Monday,
said it notified more than 140 resellers and technology service
providers since May. Between July 1 and October 19, 2021, Nobelium
is said to have singled out 609 customers, who were collectively
attacked a grand total of 22,868 times.


“This recent activity is another indicator that Russia is trying
to gain long-term, systematic access to a variety of points in the
technology supply chain and establish a mechanism for surveilling –
now or in the future – targets of interest to the Russian
government,” said[2]
Tom Burt, Microsoft’s corporate vice president of customer security
and trust.

The newly disclosed attacks do not exploit any specific security
weaknesses in software but rather leverage[3]
a diverse range of techniques such as password spraying, token
theft, API abuse, and spear-phishing to siphon credentials
associated with privileged accounts of service providers, enabling
the attackers to move laterally in cloud environments and mount
further intrusions.

According to Microsoft, the goal appears to be that “Nobelium
ultimately hopes to piggyback on any direct access that resellers
may have to their customers’ IT systems and more easily impersonate
an organization’s trusted technology partner to gain access to
their downstream customers.”

If anything, the attacks are yet another manifestation of
Nobelium’s oft-repeated tactics: the group has repeatedly been found
abusing the trust relationships enjoyed by service providers to burrow
into multiple victims of interest for intelligence gain. As
mitigations, the company recommends that organizations enable
multi-factor authentication (MFA) and audit delegated administrative
privileges (DAP) to prevent any potential misuse of elevated
permissions.

The development also arrives less than a month after the tech
giant revealed a new passive and highly targeted backdoor dubbed
“FoggyWeb[4]” deployed by the hacking
group to deliver additional payloads and steal sensitive
information from Active Directory Federation Services (AD FS)
servers.

References

  1. threat actor (thehackernews.com)
  2. said (blogs.microsoft.com)
  3. leverage (www.microsoft.com)
  4. FoggyWeb (thehackernews.com)
