Today, we’re sharing the latest activity we’ve observed from the Russian nation-state actor Nobelium. This is the same actor behind the cyberattacks targeting SolarWinds customers in 2020 and which the U.S. government and others have identified as being part of Russia’s foreign intelligence service known as the SVR.
Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers. We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers. We began observing this latest campaign in May 2021 and have been notifying impacted partners and customers while also developing new technical assistance and guidance for the reseller community. Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium. We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised. Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful.
Quelle: Microsoft Blog
https://blogs.microsoft.com/on-the-issues/2021/10/24/new-activity-from-russian-actor-nobelium
Fachartikel
Strategien für eine fortgeschrittene digitale Hygiene
Mit LogRhythm 7.16 können Sie das Dashboard-Rauschen reduzieren und Log-Quellen leicht zurückziehen
Wie man RMM-Software mit einer Firewall absichert
Red Sifts vierteljährliche Produktveröffentlichung vom Frühjahr 2024
Konvergiert vs. Einheitlich: Was ist der Unterschied?
Studien
Studie zu PKI und Post-Quanten-Kryptographie verdeutlicht wachsenden Bedarf an digitalem Vertrauen bei DACH-Organisationen
Zunahme von „Evasive Malware“ verstärkt Bedrohungswelle
Neuer Report bestätigt: Die Zukunft KI-gestützter Content Creation ist längst Gegenwart
Neue Erkenntnisse: Trend-Report zu Bankbetrug und Finanzdelikten in Europa veröffentlicht
Studie: Rasantes API-Wachstum schafft Cybersicherheitsrisiken für Unternehmen
Whitepaper
Unter4Ohren
Datenklassifizierung: Sicherheit, Konformität und Kontrolle
Die Rolle der KI in der IT-Sicherheit
CrowdStrike Global Threat Report 2024 – Einblicke in die aktuelle Bedrohungslandschaft
WatchGuard Managed Detection & Response – Erkennung und Reaktion rund um die Uhr ohne Mehraufwand
