SolarWinds Attackers Spotted Using New Tactics, Malware

One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.

One year after the notorious and far-reaching SolarWinds supply-chain attacks, its orchestrators are on the offensive again. Researchers said they’ve seen the threat group – which Microsoft refers to as “Nobelium” and which is linked to Russia’s spy agency – compromising global business and government targets with novel tactics and custom malware, stealing data and moving laterally across networks.

Researchers from Mandiant have identified two distinct clusters of activity that can be “plausibly” attributed to the threat group, which they track as UNC2452, they said in a report published Monday.

Mandiant has tracked the latest activity as UNC3004 and UNC2652 since last year and throughout 2021, observing the compromise of a range of companies that provide technology solutions, cloud and other services as well as resellers, they said.

We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive, anonymous Threatpost Poll!

Indeed, resellers were the target of a campaign by Nobelium that Microsoft revealed

Read More: