
By Byron V. Acohido
Microsoft has blunted the ongoing activities of the Nobelium hacking collective, giving us yet another glimpse of the unceasing barrage of hack attempts business networks must withstand on a daily basis.
Related: Reaction to Biden ‘s cybersecurity executive order
Nobelium is the Russian hacking collective best known for pulling off the milestone SolarWinds supply chain hack last December. That caper required the intricate counterfeiting of software updates sent out automatically by SolarWinds to 18,000 customers. And yet, for all of its sophistication, Nobelium also engages in routine phishing campaigns to get a foothold in targeted organizations. This of course is how they get a toehold to go deeper.
In this case, the attackers leveraged information gleaned from a Microsoft worker’s computing device. In a blog posting, Microsoft disclosed that it “detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers” and that “the actor used this information in some cases to launch highly targeted attacks as part of their broader campaign.”
Microsoft said it notified the targeted 150 organizations, which included “IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services.”