Nobelium, the Russian hacking group believed to be responsible for the Solarwinds supply chain attack, has launched new attacks targeting Microsoft customers.
In an official statement about the discovered activity, Microsoft said that the attackers were primarily focused on the IT and Government sectors.
“This activity was targeted at specific customers, primarily IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services. The activity was largely focused on US interests, about 45%, followed by 10% in the UK,” Microsoft said in its statement.
Microsoft assures that most of the attack attempts were unsuccessful.
“This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date. All customers that were compromised or targeted are being contacted through our nation-state notification process.”
The threat actors attempted to breach privileged accounts in two ways. The first was through a combination of password spraying and brute force attacks.
Brute force attacks bombard a login portal with a barrage of different username and password combinations. Though this method is simple and noisy, it has a high success rate, accounting for 80% of cyber attacks on web applications.
The other tactic used was password spraying. This method is slightly more methodical: a single password is tried across many different accounts at once, keeping the number of failed attempts per account low enough to avoid lockouts and suspicion.
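The two patterns described above look very different in authentication logs, which is what a defender can use to tell them apart. The following is an added example (not from the article, and not Microsoft's tooling): it parses a constructed, simplified log format of `timestamp source_ip username result`, then flags a source as brute force when it racks up many failures against one account, and as password spraying when it fails once or twice each against many distinct accounts inside the same time window. The log lines, IP addresses, usernames and thresholds are all assumptions made up for the example.

```python
"""Distinguish brute-force from password-spray activity in auth logs.

Added illustration; the log format below is constructed for this example and
is not any product's real format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source hammering a single account (brute force), one
# source trying many accounts once each (spraying), and one benign user who
# mistypes a password and then signs in.
SAMPLE_LOG = """\
2021-06-25T10:00:01Z 203.0.113.10 alice FAIL
2021-06-25T10:00:03Z 203.0.113.10 alice FAIL
2021-06-25T10:00:05Z 203.0.113.10 alice FAIL
2021-06-25T10:00:07Z 203.0.113.10 alice FAIL
2021-06-25T10:00:09Z 203.0.113.10 alice FAIL
2021-06-25T10:00:11Z 203.0.113.10 alice FAIL
2021-06-25T10:05:00Z 198.51.100.7 bob FAIL
2021-06-25T10:06:00Z 198.51.100.7 carol FAIL
2021-06-25T10:07:00Z 198.51.100.7 dave FAIL
2021-06-25T10:08:00Z 198.51.100.7 erin FAIL
2021-06-25T10:09:00Z 198.51.100.7 frank FAIL
2021-06-25T10:10:00Z 198.51.100.7 grace FAIL
2021-06-25T10:12:00Z 192.0.2.5 alice FAIL
2021-06-25T10:12:30Z 192.0.2.5 alice OK
"""


def parse_log(text):
    """Parse 'timestamp ip user RESULT' lines into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ip": ip,
            "user": user,
            "ok": result == "OK",
        })
    return events


def classify_sources(events, window=timedelta(minutes=30), bf_threshold=5,
                     spray_min_accounts=5, spray_max_per_account=2):
    """Return {source_ip: 'brute_force' | 'password_spray'} for suspicious sources.

    Brute force: at least bf_threshold failures against one account from one
    source within the window. Password spray: failures against at least
    spray_min_accounts distinct accounts, with no account hit more than
    spray_max_per_account times, from one source within the window.
    Thresholds are illustrative assumptions, not vendor-recommended values.
    """
    failures = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures[e["ip"]].append(e)

    verdicts = {}
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["time"])
        # Slide a window over this source's failures, starting at each event.
        for i, start in enumerate(evs):
            per_user = defaultdict(int)
            for e in evs[i:]:
                if e["time"] - start["time"] > window:
                    break
                per_user[e["user"]] += 1
            busiest = max(per_user.values())
            if busiest >= bf_threshold:
                verdicts[ip] = "brute_force"
                break
            if len(per_user) >= spray_min_accounts and busiest <= spray_max_per_account:
                verdicts[ip] = "password_spray"
                break
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {verdict}")
```

Note that the benign source `192.0.2.5` produces no verdict: a single failure followed by a success is exactly what a per-account lockout threshold is tuned to tolerate, and it is also what a sprayer mimics per account. That is why the spray rule keys on the number of distinct accounts per source rather than on failures per account, and why correlating by source (or by other shared attributes such as user agent) matters more than per-account counters for this pattern.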
In addition to the above, Nobelium (also known as APT29, Cozy Bear, and The Dukes) placed an information-stealing trojan on a Microsoft Support agent’s computer to automate and scale the exfiltration of account details.
According to Microsoft, only ‘basic information’ was accessed and used in targeted phishing attacks.
Though Nobelium’s breach attempts were thwarted in this instance, future attacks may prove more ruinous, especially if they mirror the complexity of the Solarwinds disaster.
To best defend your sensitive data against such cyber attacks, the following control strategies should be implemented:
- Multi-Factor Authentication
- Zero-Trust Architecture
- Secure Privileged Access Management