28 June 2021

Microsoft says hackers who compromised SolarWinds breached three new victims


Microsoft says hackers who compromised SolarWinds breached three new victims

Nobelium, a Russia-linked hacking group believed to have compromised SolarWinds network monitoring software in order to plant malicious software on the company customers’ networks last year, has returned with a new series of attacks, Microsoft said in a new report.

The tech giant said its investigation showed that the group, also known as APT29, Cozy Bear, and The Dukes, used password spray and brute-force techniques to compromise victims. While Nobelium’s recent activity was largely unsuccessful, the hackers managed to breach networks of three new entities, Microsoft said.

The attacks targeted mostly IT companies (57%), followed by government (20%), and non-governmental organizations and think tanks, as well as financial services.

“The activity was largely focused on US interests, about 45%, followed by 10% in the UK, and smaller numbers from Germany and Canada. In all, 36 countries were targeted,” Microsoft noted.

The Redmond-based company also said it has found information-stealing malware on a machine belonging to one of its customer support agents with access to basic account information for a small number of customers. The hackers used this information to conduct highly-targeted attacks as part of their broader campaign. The access to the machine has since been removed and the customer’s agent device has been secured, Microsoft said.

Last month, Microsoft reported that Nobelium hacking group targeted over 150 organizations across at least 24 countries using a hacked USAID (United States Agency For International Development) account at a mass email marketing company Constant Contact to send phishing emails and deploy the NativeZone backdoor capable of stealing information.

Back to the list

Latest Posts

Cyber Security Week in Review: September 6, 2024

Cyber Security Week in Review: September 6, 2024

In brief: the US charges Russian GRU hackers for attacks on Ukraine, Apache, Cisco, Zyxel patch high-risk flaws, Google fixes Android zero-day, and more.
6 September 2024
Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Some of the documents appeared to be part of legitimate Red Team exercises, while other were intended for malicious purposes.
5 September 2024
US seizes 32 domains linked to Russian Doppelganger influence campaign

US seizes 32 domains linked to Russian Doppelganger influence campaign

The domains, used to disseminate propaganda, were seized as part of a broader effort to disrupt Russia’s attempts to interfere in the 2024 US Presidential Election.
5 September 2024