Hacking group Nobelium has caused concern for a lot of companies all over the globe due to its ongoing malicious activity. The group has previously been linked to the Russian foreign intelligence agency SVR and to the SolarWinds attacks. A couple of months ago, Nobelium was also involved in sophisticated phishing attacks.
Now, Microsoft has issued an advisory saying that the actor is once again targeting IT and government organizations in various countries.
Microsoft has detected password spray and brute force attacks being carried out against multiple customers, and while the malicious activity has been mostly unsuccessful, the company has notified targeted entities through the usual process. That said, the Redmond tech giant also says that it is aware of three entities being compromised in the recent attacks.
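The two techniques named above, password spraying and brute force, leave different shapes in sign-in telemetry: a spray spreads a few guesses across many accounts from one source, while brute force hammers one account from one source. The following detector, added here as an example and not code from the article or from Microsoft, runs both checks over a constructed sign-in log (the log format, the `example.test` accounts and the documentation-range IP addresses are all assumptions) and also lists any account that later signed in successfully from a spraying source, which is the case a responder would want to triage first.

```python
"""Classify failed sign-in activity as password spraying or brute force.

Password spraying: one source tries a few passwords against MANY accounts
(few failures per account, many distinct accounts per source).
Brute force: one source tries MANY passwords against ONE account.

The log format below is constructed for this example and is not any
vendor's real schema: "timestamp user source_ip result".
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one spraying source, one brute-forcing source,
# and one ordinary user who mistyped a password once.
SAMPLE_LOG = """\
2021-06-25T10:00:01Z alice@example.test 203.0.113.10 FAILURE
2021-06-25T10:00:03Z bob@example.test 203.0.113.10 FAILURE
2021-06-25T10:00:05Z carol@example.test 203.0.113.10 FAILURE
2021-06-25T10:00:07Z dave@example.test 203.0.113.10 FAILURE
2021-06-25T10:00:09Z erin@example.test 203.0.113.10 FAILURE
2021-06-25T10:00:11Z frank@example.test 203.0.113.10 SUCCESS
2021-06-25T10:05:00Z grace@example.test 198.51.100.7 FAILURE
2021-06-25T10:05:01Z grace@example.test 198.51.100.7 FAILURE
2021-06-25T10:05:02Z grace@example.test 198.51.100.7 FAILURE
2021-06-25T10:05:03Z grace@example.test 198.51.100.7 FAILURE
2021-06-25T10:05:04Z grace@example.test 198.51.100.7 FAILURE
2021-06-25T10:05:05Z grace@example.test 198.51.100.7 FAILURE
2021-06-25T10:05:06Z grace@example.test 198.51.100.7 FAILURE
2021-06-25T10:05:07Z grace@example.test 198.51.100.7 FAILURE
2021-06-25T10:05:08Z grace@example.test 198.51.100.7 FAILURE
2021-06-25T10:05:09Z grace@example.test 198.51.100.7 FAILURE
2021-06-25T11:00:00Z heidi@example.test 192.0.2.44 FAILURE
2021-06-25T11:00:30Z heidi@example.test 192.0.2.44 SUCCESS
"""


def parse_log(text):
    """Turn the whitespace-separated log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user.lower(),
            "ip": ip,
            "success": result == "SUCCESS",
        })
    return events


def detect_password_spray(events, window=timedelta(minutes=30), min_accounts=5):
    """Return {source_ip: set(accounts)} for sources whose failed sign-ins
    touch at least min_accounts distinct accounts inside a sliding window."""
    by_ip = defaultdict(list)
    for e in events:
        if not e["success"]:
            by_ip[e["ip"]].append(e)
    findings = {}
    for ip, fails in by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            # Advance the window start until the span fits inside `window`.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            accounts = {e["user"] for e in fails[start:end + 1]}
            if len(accounts) >= min_accounts and len(accounts) > len(findings.get(ip, ())):
                findings[ip] = accounts
    return findings


def detect_brute_force(events, window=timedelta(minutes=30), min_failures=8):
    """Return {(source_ip, user): failures} for pairs with at least
    min_failures failed sign-ins inside a sliding window."""
    by_pair = defaultdict(list)
    for e in events:
        if not e["success"]:
            by_pair[(e["ip"], e["user"])].append(e["ts"])
    findings = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= min_failures and count > findings.get(pair, 0):
                findings[pair] = count
    return findings


def successes_from_spray_sources(events, spray_findings):
    """A successful sign-in from a spraying source suggests a guessed
    password; this is exactly the step MFA is meant to block."""
    return sorted({e["user"] for e in events
                   if e["success"] and e["ip"] in spray_findings})


def analyze(text):
    events = parse_log(text)
    spray = detect_password_spray(events)
    brute = detect_brute_force(events)
    return {
        "spray_sources": {ip: sorted(acc) for ip, acc in spray.items()},
        "brute_force": {f"{ip}->{user}": n for (ip, user), n in brute.items()},
        "compromise_candidates": successes_from_spray_sources(events, spray),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

The thresholds (five accounts, eight failures, a 30-minute window) are starting points, not tuned values; in a real tenant they would be set against a baseline of normal failure rates, and the spray check is usually the one that needs the sliding window, since sprayers deliberately stay below per-account lockout limits.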
57% of the malicious activity was carried out against IT companies, while 20% was against government organizations. Overall, entities in 36 countries were targeted, with 45% of attacks being against the U.S. and 10% against entities based in the UK. Microsoft further went on to say that:
As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign. We responded quickly, removed the access and secured the device. The investigation is ongoing, but we can confirm that our support agents are configured with the minimal set of permissions required as part of our Zero Trust “least privileged access” approach to customer information. We are notifying all impacted customers and are supporting them to ensure their accounts remain secure.
Microsoft has recommended that organizations deploy Zero Trust security models and multi-factor authentication with granular identity and access management configurations to secure themselves against such threats.