Microsoft says hackers who compromised SolarWinds breached three new victims

Nobelium, a Russia-linked hacking group believed to have compromised SolarWinds network monitoring software last year in order to plant malicious software on the networks of the company's customers, has returned with a new series of attacks, Microsoft said in a new report.

The tech giant said its investigation showed that the group, also known as APT29, Cozy Bear, and The Dukes, used password spray and brute-force techniques to compromise victims. While Nobelium’s recent activity was largely unsuccessful, the hackers managed to breach the networks of three new entities, Microsoft said.

The attacks targeted mostly IT companies (57%), followed by government (20%), and non-governmental organizations and think tanks, as well as financial services.

“The activity was largely focused on US interests, about 45%, followed by 10% in the UK, and smaller numbers from Germany and Canada. In all, 36 countries were targeted,” Microsoft noted.

The Redmond-based company also said it found information-stealing malware on a machine belonging to one of its customer support agents, who had access to basic account information for a small number of customers. The hackers used this information to conduct highly targeted attacks as part of their broader campaign. Access to the machine has since been removed and the customer support agent's device has been secured, Microsoft said.

Last month, Microsoft reported that the Nobelium hacking group targeted over 150 organizations across at least 24 countries, using a hacked USAID (United States Agency for International Development) account at the mass email marketing company Constant Contact to send phishing emails and deploy the NativeZone backdoor, which is capable of stealing information.
