The group behind the SolarWinds hack has recently launched another cyberattack campaign, and one of the victims is a Microsoft customer support agent. Microsoft has revealed in blog posts that it is tracking new activity from the group, which it has named Nobelium. “Most recent activities did not succeed,” said the company, and the group failed to infiltrate most of its targets. The attackers did manage to compromise at least three entities, and Microsoft also found information-stealing malware on a machine belonging to one of its customer support agents as part of the current investigation.
At present, the technology giant is still looking into the methods the attackers used, but it has seen evidence of password spray and brute-force attacks so far. It did not name the three compromised entities in its initial report, and it also did not say whether the attackers obtained their information from the machine belonging to the company's customer support representative. However, Microsoft acknowledges that the machine had access to basic account information for a small number of customers and that the bad actors used the information to launch a highly targeted attack.
The company says it responded quickly and was able to remove the group's access to its customer service agent's device. It also notified the compromised entities and all other targets through its nation-state notification process. US officials believe Russia was behind the SolarWinds hack and previously linked Nobelium to the country’s intelligence agency.
Only last month, Microsoft found that the same group had run an email-based spear-phishing campaign targeting government institutions, think tanks and non-governmental organizations. It sent infected emails to its targets after infiltrating the United States Agency for International Development, or USAID. This new campaign focuses more on IT companies, although it also targets government and non-governmental organizations to a lesser extent. As in its previous activity, Nobelium mostly went after entities based in the US in its recent series of attacks. About 10 percent of the targets are based in the UK, while smaller numbers are based in Germany and Canada.