The Nobelium APT group, the actor behind the well-known SolarWinds attack and associated with Russia’s spy agency, appears to have re-entered the threat landscape. This time its targets are technology resellers: the threat actors try to gain access to those resellers’ downstream customers in a fresh supply-chain attack.
Nobelium APT New Supply-Chain Attack: How It Works
According to Microsoft and Mandiant, the impact of this new cyberattack has so far been limited to Europe and North America. This time the group is not using the method it used in the SolarWinds case (trojanizing legitimate code), so no software vulnerability is being exploited.
Here is how the new Nobelium APT attack works, according to ThreatPost:
The group relies on tried-and-true methods to infiltrate the resellers’ networks: phishing, credential stuffing, token theft, or API abuse. Through these, the attackers gain access to the resellers’ networks using legitimate credentials and the privileged access that comes with them. They then land in and pivot through the reseller’s network, since their real goal is to reach the reseller’s clients. Then, once the network access is
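From a defender’s side, the first two steps above (credential stuffing followed by a privileged sign-in with legitimate credentials) leave a recognisable shape in a sign-in log. The following Python script is an added example written for this page; it is not code from the original article or from Microsoft, Mandiant or ThreatPost. The log record layout, the sample events and the thresholds are all constructed assumptions for the example, not any vendor’s real schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events for a hypothetical reseller tenant.
# The record layout (ts, src_ip, account, result, privileged) is an assumption
# made for this example, not any vendor's real log schema.
SAMPLE_EVENTS = [
    # One source burns through six different accounts in under a minute...
    {"ts": "2021-10-25T08:00:01", "src_ip": "203.0.113.7", "account": "alice@reseller.example", "result": "FAIL", "privileged": False},
    {"ts": "2021-10-25T08:00:09", "src_ip": "203.0.113.7", "account": "bob@reseller.example", "result": "FAIL", "privileged": False},
    {"ts": "2021-10-25T08:00:17", "src_ip": "203.0.113.7", "account": "carol@reseller.example", "result": "FAIL", "privileged": False},
    {"ts": "2021-10-25T08:00:25", "src_ip": "203.0.113.7", "account": "dave@reseller.example", "result": "FAIL", "privileged": False},
    {"ts": "2021-10-25T08:00:33", "src_ip": "203.0.113.7", "account": "erin@reseller.example", "result": "FAIL", "privileged": False},
    {"ts": "2021-10-25T08:00:41", "src_ip": "203.0.113.7", "account": "frank@reseller.example", "result": "FAIL", "privileged": False},
    # ...and a few minutes later signs in successfully to a delegated-admin account.
    {"ts": "2021-10-25T08:05:02", "src_ip": "203.0.113.7", "account": "partner-admin@reseller.example", "result": "SUCCESS", "privileged": True},
    # An ordinary user mistyping a password twice from another source: not flagged.
    {"ts": "2021-10-25T08:10:00", "src_ip": "198.51.100.4", "account": "bob@reseller.example", "result": "FAIL", "privileged": False},
    {"ts": "2021-10-25T08:10:30", "src_ip": "198.51.100.4", "account": "bob@reseller.example", "result": "FAIL", "privileged": False},
    {"ts": "2021-10-25T08:11:00", "src_ip": "198.51.100.4", "account": "bob@reseller.example", "result": "SUCCESS", "privileged": False},
]


def find_credential_stuffing(events, window=timedelta(minutes=10), min_accounts=5):
    """Map source IP -> set of accounts for sources whose failed sign-ins hit at
    least `min_accounts` distinct accounts inside any sliding window of `window`.
    Many failures spread across many accounts (rather than many failures on one
    account) is the shape credential stuffing leaves in a sign-in log."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            failures[e["src_ip"]].append((datetime.fromisoformat(e["ts"]), e["account"]))

    flagged = {}
    for ip, attempts in failures.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Advance the window start until the span fits inside `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            accounts = {acct for _, acct in attempts[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[ip] = flagged.get(ip, set()) | accounts
    return flagged


def find_privileged_success_after_stuffing(events, stuffing):
    """Successful privileged sign-ins from a source already flagged for stuffing:
    the point where stolen-but-legitimate credentials turn into delegated access."""
    return [
        (e["src_ip"], e["account"], e["ts"])
        for e in events
        if e["result"] == "SUCCESS" and e["privileged"] and e["src_ip"] in stuffing
    ]


def analyze(events=SAMPLE_EVENTS):
    """Run both checks and return the findings as plain data."""
    stuffing = find_credential_stuffing(events)
    return {
        "stuffing_sources": {ip: sorted(accts) for ip, accts in stuffing.items()},
        "privileged_hits": find_privileged_success_after_stuffing(events, stuffing),
    }


if __name__ == "__main__":
    for key, value in analyze().items():
        print(key, value)
```

The two checks are deliberately chained: a burst of failures across distinct accounts on its own is noisy, but a later successful privileged sign-in from the same source is exactly the moment the article describes, where legitimate credentials and the access attached to them become the foothold for pivoting toward the reseller’s clients. In a real tenant the privileged flag would come from a role or group lookup rather than a field in the event, and the thresholds would be tuned to the tenant’s baseline.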