On May 27th, Microsoft revealed that the company had observed alleged cyberattacks by “threat actor Nobelium.”
The group allegedly targeted government agencies, think tanks, consultants, and NGOs.
“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations. While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries. At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work.”
Nobelium was allegedly responsible for the attacks on SolarWinds customers back in 2020. These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.
“Nobelium launched this week’s attacks by gaining access to the Constant Contact account of USAID. Constant Contact is a service used for email marketing. From there, the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call NativeZone. This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network.”
Microsoft outlined three reasons that the alleged attacks are notable:
- When the alleged SolarWinds attack is kept in mind, “it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers. By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.”
- Nobelium’s activities and those of similar actors tend to track with issues of concern to the country from which they are operating.
“This time Nobelium targeted many humanitarian and human rights organizations. At the height of the Covid-19 pandemic, Russian actor Strontium targeted healthcare organizations involved in vaccines. In 2019, Strontium targeted sporting and anti-doping organizations. And we’ve previously disclosed activity by Strontium and other actors targeting major elections in the U.S. and elsewhere.”
- Alleged nation-state cyberattacks aren’t slowing.
“We need clear rules governing nation-state conduct in cyberspace and clear expectations of the consequences for violation of those rules. We must continue to rally around progress made by the Paris Call for Trust and Security in Cyberspace, and more widely adopt the recommendations of the Cybersecurity Tech Accord, and the CyberPeace Institute. But, we need to do more. Microsoft will continue to work with willing governments and the private sector to advance the cause of digital peace.”
So, for those who thought “SolarGate” was over, it is far from it.
Separately, Russia’s security service, the FSB, reported that a hacking attack of unprecedented scale had targeted various Russian government agencies.
Sadly, Moscow can’t blame Russian state-controlled hackers for carrying out the attacks.
“Assessing the attackers’ level of preparedness and qualification … we are inclined to refer to this group as cyber mercenaries, pursuing the interests of a foreign state,” the report said, citing the hackers’ “thorough preparation” and their intimate knowledge of Russian antivirus firm Kaspersky Lab’s software.
Kaspersky told Reuters it was aware of the report, but had no information to suggest that the hackers had exploited any vulnerabilities in its products.