Microsoft: malicious cyber group Nobelium tried to attack entities in 36 countries

According to the company, the attacks were not successful, and only three entities were compromised. Nobelium is considered to be the Russian group behind the attack on SolarWinds. Its recent operations were directed against IT companies, governments and think tanks.


The Microsoft Threat Intelligence Center announced that it is tracking new activity by the malicious cyber group Nobelium, which is believed to be responsible for the massive attack on SolarWinds at the end of 2020, and said that the attacks that the group tried to carry out recently did not succeed. Out of the group's attacks against organizations in 36 countries, only three entities have been found to have been compromised so far, and all have been notified. 

"This activity was targeted at specific customers, primarily IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services. The activity was largely focused on US interests, about 45%, followed by 10% in the UK, and smaller numbers from Germany and Canada. In all, 36 countries were targeted."

Microsoft also said that during its investigation, it detected information-stealing malware that was installed on a computer of one of the company's customer support agents "with access to basic account information for a small number of our customers," but the issue was dealt with quickly and all of those affected were informed. 

Nobelium, which is also known as CozyBear, The Dukes and APT29, is suspected by senior intelligence officials and cybersecurity executives of operating in Russian territory with the sponsorship of the regime. About a month ago the U.S. State Department announced that it had stopped an attack by the group on about 150 U.S. government agencies inside and outside the country, which the group carried out by breaching the email of the U.S. Agency for International Development (USAID).

"Nobelium’s activities and that of similar actors tend to track with issues of concern to the country from which they are operating," Microsoft researchers wrote after they identified that attack, saying that it was "yet another example of how cyberattacks have become the tool of choice for a growing number of nation-states to accomplish a wide variety of political objectives."
