Tuesday, May 28, 2024

The group that attacked SolarWinds (in “the largest software engineering attack in history”), steals information from Microsoft


Nobelio, which is the group behind the huge SolarWinds supply chain hack, has now attacked Microsoft itself directly. The Redmond firm has claimed in the past that Nobelium is a group originating in Russia and has staged various attacks in recent months.

In a shared information this weekend, Microsoft said that found “malware to steal information on the machine of one of its support agents”. At the same time this agent had access to “basic customer account information”.

Targets in 26 countries

With that information, hackers “launched highly targeted attacks as part of a larger campaign“Microsoft says it responded by removing access and securing devices.

According information provided by Microsoft, although most attacks have not been successful, the activity was directed to specific clients, mainly IT companies (in 57% of the cases), followed by the public administration (20%) and to a lesser extent non-governmental organizations and companies that offer financial services.

The attack It has reached 36 countries in total. Most of the targets were in the United States, but also in Europe, with the United Kingdom and Germany being the most prominent in the Old Continent. It should be remembered that in February, the president of Microsoft, Brad Smith, claimed that the attack on SolarWinds’ supply chain, made by this same group, which met in December, is the largest and “most sophisticated” in history.

Using multi-factor authentication as a recommendation


“The investigation is ongoing, but we can confirm that our support agents are configured with the minimum set of required permissions,” says the firm. At the same time, Redmond claims to be notifying all affected customers. Microsoft recommended the use of multi-factor authentication and zero trust architectures to help protect the environments.

As a result of the incident, Microsoft said it was going to “refine” its policies regarding validation and signature processes..

“This activity was mostly unsuccessful, and most of the objectives were not successfully compromised”, say the company officials who acknowledge that it is known from “three entities that have seen their security compromised“although he has not specified what they are or where they are.

This is not the first Nobelium attack to hit Microsoft

solar winds

The firm that recently introduced Windows 11 says that for the moment the attack not attributed to a nation-state as origin.

Redmond recently warned what Nobelium was conducting a phishing campaign posing as USAID after he managed to gain control of a USAID account on an email marketing platform.

That phishing campaign targeted some 3,000 accounts linked to government agencies, think tanks, consultants, and non-governmental organizations.

The Solarwinds attack in the month of December it also affected Microsoft. What began as a cyberattack on almost unknown software, derived in accessing a Microsoft software source code, What the company announced.

Ebenezer Robbins
Ebenezer Robbins
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.

Share post:


More like this

How to Sell CS:GO Skins for Real Money

CS:GO skins have become not just an ordinary design...

Decoding The Diversity: A Guide To Different Types Of Horse Races

Horse racing reaches 585 million households worldwide, enjoying immense...

Maximizing Efficiency: How Our Cloud Services Revolutionized Operations for Small Businesses

Small businesses constantly seek innovative solutions to streamline operations...

Big Data for Musicians: The Game Changer!

In the dynamic realm of the music industry, Viberate...