The company attributes the attack to Nobelium, the same group it linked to the SolarWinds campaign earlier this year.

Dark Reading Staff, Dark Reading

June 29, 2021

The Microsoft Security Response Center is tracking a new attack campaign in which Nobelium, a group connected to Russia, targets Microsoft customer support agents and uses its foothold to attempt further attacks.

Nobelium is the same group to which Microsoft attributed the SolarWinds supply chain attack in 2020, and it has been active since then. Last month, Nobelium launched a phishing attack after gaining access to the Constant Contact account of the United States Agency for International Development.

An investigation into Nobelium's recent activity revealed information-stealing malware on a machine belonging to a Microsoft customer support agent. The device had access to basic account information for a small number of customers. Attackers used the information, in some cases, to launch highly targeted attacks as part of a broader campaign. The access was removed and the device secured.

Microsoft says Nobelium's latest activity targeted specific customers, mostly IT companies (57%), government (20%), and non-governmental organizations and think tanks, as well as financial services. About 45% of attacks were focused on US interests, followed by 10% in the UK and smaller numbers in Germany and Canada. A total of 36 countries were targeted, Microsoft reports.

"This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date," officials said. All affected customers are being contacted.

Read the full MSRC blog post for more details.
