Microsoft customer support breached by Nobelium hackers
A Russian state-sponsored group called Nobelium has breached a Microsoft customer support agent's computer and accessed customer subscription information. Nobelium is the group behind the SolarWinds supply-chain attacks. In its blog post, Microsoft described Nobelium's password spray and brute-force attacks against its corporate network, probing for a way into Microsoft's environment.
The modus operandi of the Nobelium attacks
Password spray and brute-force attacks both guess passwords in order to break into an account or network, but they differ in shape: a password spray tries one password against many accounts, while a brute-force attack tries many passwords against a single account.
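To make that distinction concrete, here is an added detection sketch (my own illustration, not code from Microsoft or from this article) that parses a constructed sign-in failure log and flags each source address as a spray or brute-force pattern; the log format, field names and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample sign-in log (not real data): one source tries many accounts
# once each (spray pattern), another hammers a single account (brute force).
SAMPLE_LOG = """\
2021-06-25T10:00:01Z AUTH_FAIL src=203.0.113.5 user=alice
2021-06-25T10:00:02Z AUTH_FAIL src=203.0.113.5 user=bob
2021-06-25T10:00:03Z AUTH_FAIL src=203.0.113.5 user=carol
2021-06-25T10:00:04Z AUTH_FAIL src=203.0.113.5 user=dave
2021-06-25T10:00:05Z AUTH_FAIL src=203.0.113.5 user=erin
2021-06-25T10:00:06Z AUTH_FAIL src=198.51.100.9 user=alice
2021-06-25T10:00:07Z AUTH_FAIL src=198.51.100.9 user=alice
2021-06-25T10:00:08Z AUTH_FAIL src=198.51.100.9 user=alice
2021-06-25T10:00:09Z AUTH_FAIL src=198.51.100.9 user=alice
2021-06-25T10:00:10Z AUTH_FAIL src=198.51.100.9 user=alice
2021-06-25T10:00:11Z AUTH_OK   src=192.0.2.77 user=grace
2021-06-25T10:00:12Z AUTH_FAIL src=192.0.2.77 user=grace
"""

# Assumed line format; successful sign-ins (AUTH_OK) deliberately do not match.
LINE_RE = re.compile(r"^(\S+) AUTH_FAIL\s+src=(\S+) user=(\S+)$")

def parse_failures(text):
    """Yield (source_ip, username) for each failed sign-in line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(2), m.group(3)

def classify_sources(events, spray_min_accounts=5, brute_min_attempts=5):
    """Map each source IP to "password_spray", "brute_force" or "normal".

    Spray: many distinct accounts, at most two attempts each (one or two
    passwords tried across the user base). Brute force: many attempts piled
    onto one account. Thresholds are assumed; tune them per tenant.
    """
    per_source = defaultdict(lambda: defaultdict(int))
    for src, user in events:
        per_source[src][user] += 1
    verdicts = {}
    for src, users in per_source.items():
        distinct, peak = len(users), max(users.values())
        if distinct >= spray_min_accounts and peak <= 2:
            verdicts[src] = "password_spray"
        elif peak >= brute_min_attempts:
            verdicts[src] = "brute_force"
        else:
            verdicts[src] = "normal"
    return verdicts
```

Run `classify_sources(parse_failures(SAMPLE_LOG))` to get one verdict per source; in a real deployment the counts would be bucketed per time window rather than over the whole log.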
Microsoft says the Nobelium attempts were not completely successful: the attackers breached only some entities, including IT companies, financial institutions, and government and non-government organizations, spread across 36 countries in total.
Nobelium and the Microsoft support tools accessed
Nobelium gained access to a customer support agent's computer and viewed basic account information for a limited number of customers. The attackers then used this information in targeted phishing attacks against those Microsoft customers to gain further access into corporate networks.
Reuters has received a copy of the email warning about Nobelium's access to the corporate account.
Nobelium and its latest routines
Nobelium, which also goes by Cozy Bear, The Dukes, and APT29, was behind the massive SolarWinds supply-chain attack that disrupted operations at major US organizations including FireEye, Cisco, Malwarebytes, Mimecast and others. Microsoft also disclosed that the group had compromised the Constant Contact account of USAID (the US agency for foreign aid and development assistance).
Using that account, Nobelium conducted numerous spear-phishing campaigns to deploy malware and gain access to many corporate networks. The US DOJ (Department of Justice) later seized the domains involved to stop further phishing and malware distribution.