Microsoft issues advisory about new cyberattack targeting IT and government organizations

Hacking group Nobelium has caused concern for a lot of companies all over the globe due to its ongoing malicious activity. The group has previously been linked to the Russian foreign intelligence agency SVR and the SolarWinds attacks. A couple of months ago, Nobelium was also involved in sophisticated phishing attacks.

Now, Microsoft has issued an advisory saying that the actor is once again targeting IT and government organizations in various countries.

Microsoft has detected password spray and brute force attacks being carried out against multiple customers, and while the malicious activity has been mostly unsuccessful, the company has notified targeted entities through the usual process. That said, the Redmond tech giant also says that it is aware of three entities being compromised in the recent attacks.

57% of the malicious activity was carried out against IT companies while 20% was against government organizations. Overall, entities in 36 countries were targeted, with 45% of the attacks being against the U.S. and 10% against entities based in the UK. Microsoft further went on to say that:

As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign. We responded quickly, removed the access and secured the device. The investigation is ongoing, but we can confirm that our support agents are configured with the minimal set of permissions required as part of our Zero Trust “least privileged access” approach to customer information. We are notifying all impacted customers and are supporting them to ensure their accounts remain secure.

Microsoft has recommended that organizations deploy Zero Trust security models and multi-factor authentication with granular identity and access management configurations to secure themselves against such threats.
