So far, Microsoft has informed 140 companies about the new attack campaign being carried out by Nobelium, 14 of which were compromised by the group.
The IT security researchers at Microsoft have revealed that the threat actors from the Nobelium group are back in action and are currently targeting resellers and cloud service providers.
Nobelium is the same group that launched the massively devastating supply chain attacks against Texas-based SolarWinds’ Orion software last year. The infamous group is also known for using SUNBURST and TEARDROP malware.
Microsoft has been following the activities of this group quite closely since then, and just last month the company warned of Nobelium’s comeback after the actors were found using a never-before-seen post-exploitation backdoor called FoggyWeb.
The backdoor is capable of stealing sensitive data from a compromised AD FS (Active Directory Federation Services) server. For your information, according to the U.S. government and other authorities, Nobelium is part of Russia’s foreign intelligence service, known as the SVR.
140 service providers informed; 14 compromised
In the latest blog post, Microsoft’s Corporate Vice President, Customer Security & Trust, Tom Burt revealed that since May 2021, the company has informed 140 resellers and technology service providers about Nobelium’s cyberattacks on