Nobelium targets Microsoft customers

Edward Kost
Edward Kost
June 28, 2021

Nobelium, the Russian hacking group believed to be responsible for the Solarwinds supply chain attack, has launched new attacks targeting Microsoft customers.

In an official statement about the discovered activity, Microsoft said that the attackers were primarily focused on the IT and Government sectors.

“This activity was targeted at specific customers, primarily IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services.  The activity was largely focused on US interests, about 45%, followed by 10% in the UK.” Microsoft said in its statement.

Microsoft assures that most of the attack attempts were unsuccessful.

“This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date. All customers that were compromised or targeted are being contacted through our nation-state notification process.”

The threat actors attempted to breach privileged accounts in two ways. The first was through a combination of password spraying and brute force attacks.

Brute force attacks infiltrate login portals with a barrage of different username and password combinations. Though this penetration method is simple and rather messy, it has a high success rate, accounting for 80% of cyber attacks on web applications.

The other penetration tactic used was password spraying. This method is slightly more methodical, it involves the same password being used across different accounts simultaneously to minimize suspicious login attempts.

In addition to the above, Nobelium (also known as APT29, Cozy Bear, and The Dukes) injected an information stealing trojan on a Microsoft Support agent’s computer to automate and scale the exfiltration of account details. 

According to Microsoft, only ‘basic information’ was accessed and used in targeted phishing attacks.

Though Nobelium’s breach attempts were thwarted in this instance, future attacks may prove more ruinous, especially if they mirror the complexity of the Solarwinds disaster.

To best defend your sensitive data against such cyber attacks, the following control strategies should be implemented:

Are you at risk of a data breach? Click here to get your free security score now!

How secure is Microsoft?

Microsoft Corporation (, abbreviated as MS) is an American multinational technology company with headquarters in Redmond, Washington. It develops, manufactures, licenses, supports and sells computer software, consumer electronics, personal computers, and related services. Its best known software products are the Microsoft Windows line of operating systems, the Microsoft Office suite, and the Internet Explorer and Edge web browsers.
  • Check icon
    View our free preliminary report on Microsoft’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating