The group behind the massive SolarWinds hacks recently launched another cyberattack campaign, and one of the victims was a Microsoft customer service agent. Microsoft has revealed in a blog post that it is tracking new activity from the group, which it has named Nobelium. “This recent activity was mostly unsuccessful,” said the company, and the group did not infiltrate most of its targets. However, the attackers managed to compromise at least three entities, and Microsoft also found information-stealing malware on one of its customer support agents’ machines as part of its ongoing investigation.
At this time, the tech giant is still analyzing the methods used by the attackers, but it has seen evidence of password spray and brute-force attacks so far. It did not name the three compromised entities in its initial report, and did not say whether the attackers obtained their information from the machine owned by the company’s customer service representative. However, Microsoft admitted that the machine had access to basic account information for a small number of its customers and that the bad actors used that information to launch highly targeted attacks.
The company said that it responded quickly and was able to remove the group’s access to the customer service agent’s device. It has also alerted the compromised entities and all other targets through its nation-state notification process. US officials believe that Russia was behind the SolarWinds hacks and have previously linked Nobelium to the country’s intelligence agency.
Last month, Microsoft discovered that the same group had been running a sophisticated email-based spear-phishing campaign targeting government agencies, think tanks and non-governmental organizations. It sent infected emails to its targets after infiltrating the mass-mailing service used by the United States Agency for International Development, or USAID. This new campaign focused more on IT companies, although it also targeted government organizations and NGOs to a lesser extent. As in its previous activities, Nobelium mainly went after entities based in the United States in this recent series of attacks. About 10 percent of the targets are based in the United Kingdom, while a smaller number are based in Germany and Canada.