Microsoft Tracks Attack Campaign Against Customer Support Agents
The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.
The Microsoft Security Response Center is tracking a new attack campaign in which Nobelium, a group connected to Russia, targets Microsoft customer support agents and uses its foothold to attempt further attacks.
Nobelium is the same group to which Microsoft attributed the SolarWinds supply chain attack in 2020, and it has been active since then. Last month, Nobelium launched a phishing attack after gaining access to the Constant Contact account of the United States Agency for International Development.
An investigation into Nobelium's recent activity revealed information-stealing malware on a machine belonging to a Microsoft customer support agent. The device had access to basic account information for a small number of customers. Attackers used the information, in some cases, to launch highly targeted attacks as part of a broader campaign. The access was removed and the device secured.
Microsoft says Nobelium's latest activity targeted specific customers, mostly IT companies (57%), government (20%), and non-governmental organizations and think tanks, as well as financial services. About 45% of attacks were focused on US interests, followed by 10% in the UK and smaller numbers in Germany and Canada. A total of 36 countries were targeted, Microsoft reports.
"This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date," officials said. All affected customers are being contacted.
Read the full MSRC blog post for more details.