
In another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a large number of entities have never really gone away, Microsoft said that the threat actor behind the malicious cyber activity used password spraying and brute-force attacks to try to guess passwords and gain access to customer accounts.
“Most of these recent events were unsuccessful. And most of the goals were unsuccessful. We are aware of three compromised entities to date,” the tech giant's Threat Intelligence Center said on Friday. “All customers that are compromised or targeted will be contacted through our national notification process.”
The development was first reported by Reuters. The victims' names were not disclosed.
The latest wave in a series of intrusions is said to be aimed primarily at IT companies, followed by government agencies, NGOs, think tanks and financial services, with 45% of attacks in the United States, United Kingdom, Germany and Canada.
Nobelium is the name Microsoft has given to the nation-state adversary responsible for last year’s unprecedented attack on the SolarWinds supply chain. It is tracked by the broader cybersecurity community under the names APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).
Additionally, Microsoft said it detected data-stealing malware on machines owned by a customer support representative with access to basic account information for a small number of customers.
The stolen customer data was later used “in some cases” to launch highly targeted attacks as part of a broader campaign, the company noted, adding that it moved quickly to secure its devices. An investigation into the incident is ongoing.

The revelation that the hackers have set up a new arm of the campaign comes a month after Nobelium targeted more than 150 organizations located in 24 countries, using compromised USAID accounts at a mass email marketing company named Constant Contact to send phishing emails that enabled the group to deploy backdoors that can steal valuable data.
The development is also the second time the attackers have singled out Microsoft, after the company revealed in early February that the attackers were able to compromise its network to view source code related to products and services including Azure, Intune and Exchange.
Moreover, the disclosure also comes as the U.S. Securities and Exchange Commission (SEC) opened an investigation into the SolarWinds breach to determine whether some hacking victims failed to publicly disclose the security incidents, Reuters reported last week.