Russian Actor Nobelium Now Targets IT Resellers and Other Technology Service Providers
- The Russian nation-state-backed actor Nobelium is again targeting large IT businesses, this time focusing on resellers and other technology service providers.
- The Microsoft Threat Intelligence Center notes that Nobelium has attacked Microsoft customers over 22,000 times in the last three months.
- The most common breach-prevention techniques include turning on MFA and using dedicated security monitoring software.
This year, Nobelium has made several attempts to attack US customers of the global IT supply chain. Its focus now lies on resellers and related tech service providers that operate cloud services and other technologies for their clients. Cybersecurity experts speculate that, out of 140 resellers targeted by Nobelium since May 2021, 14 have already been compromised.
Nobelium is the same actor behind the cyberattacks against SolarWinds customers in 2020 and one of the most notable Russia-based cybercriminal groups in the world right now. It has also been linked with Russia's foreign intelligence service, the SVR.
The group also attacked over 600 Microsoft customers 22,868 times between July 1 and October 19 this year. A recent consolidated report on this group's activities has been included in the Microsoft Digital Defense Report published this month.
According to the Microsoft Threat Intelligence Center (MSTIC), Nobelium is using scripted tooling such as RoadTools and AADInternals, among others, to gain entry into live scripting environments through falsified Azure AD authentications. The goal is long-term persistence and access to sensitive information. In particular, Nobelium has been focusing on highly privileged users such as Global Administrators, pairing Azure RunCommand with Azure admin-on-behalf-of (AOBO) access to infiltrate virtual environments.
Most of the attacks on clients of US companies are predicated on phishing for passwords or password spraying to gain access. Cybersecurity experts have recommended certain techniques for protecting legitimate online actors, such as specific security protections on Partner Portal access and multi-factor authentication (MFA). Other techniques include using delegated administrative privilege (DAP), Microsoft Cloud App Security (MCAS), M365 Defender, Azure Defender, and Azure Sentinel.
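An added example, not from the article or from Microsoft, showing the defender's side of the password-spray tradecraft described above: a sliding-window detector over constructed Azure AD-style sign-in events that flags a source failing against many distinct accounts, then lists accounts that later signed in from such a source without MFA. The event tuple layout, the window and the threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): (timestamp, user, source_ip, result, mfa_satisfied)
SPRAY_IP, BENIGN_IP = "203.0.113.7", "198.51.100.9"
SAMPLE_EVENTS = [
    # one source, one failed attempt per account, across six accounts in six minutes
    (f"2021-10-01T10:0{i}:00Z", u, SPRAY_IP, "failure", False)
    for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])
] + [
    # the spray lands: frank's password worked and no MFA challenge was satisfied
    ("2021-10-01T10:07:00Z", "frank", SPRAY_IP, "success", False),
    # a legitimate user mistyping their password, then succeeding with MFA
    ("2021-10-01T11:00:00Z", "bob", BENIGN_IP, "failure", False),
    ("2021-10-01T11:01:00Z", "bob", BENIGN_IP, "failure", False),
    ("2021-10-01T11:02:00Z", "bob", BENIGN_IP, "success", True),
]


def parse_event(event):
    """Turn the ISO-8601 timestamp string into a datetime; keep the other fields."""
    ts = datetime.strptime(event[0], "%Y-%m-%dT%H:%M:%SZ")
    return (ts,) + tuple(event[1:])


def detect_password_spray(events, window=timedelta(minutes=30), min_distinct_users=5):
    """Return {source_ip: max distinct accounts failed within `window`} for spraying sources.

    A spray tries one or a few passwords against many accounts, so the signal is the
    breadth of accounts per source in a time window, not repeated failures per account.
    """
    failures_by_ip = defaultdict(list)
    for ts, user, ip, result, _mfa in sorted(parse_event(e) for e in events):
        if result == "failure":
            failures_by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in failures_by_ip.items():
        start = 0
        for end in range(len(attempts)):          # sliding window over time-ordered failures
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_distinct_users:
                flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged


def successes_without_mfa(events, flagged_ips):
    """Accounts that signed in successfully from a flagged source without MFA: the likely compromises."""
    hits = {user for ts, user, ip, result, mfa in (parse_event(e) for e in events)
            if ip in flagged_ips and result == "success" and not mfa}
    return sorted(hits)
```

Running `detect_password_spray(SAMPLE_EVENTS)` flags only the spraying source, and `successes_without_mfa` on that result names the one account that was taken over without an MFA challenge.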