Nobelium Cyberattacks Target 140 Resellers, Technology Service Providers, Microsoft Alleges - Hexafusion Blog | Hexafusion

Nobelium, the alleged Russian state actor that apparently launched the SolarWinds Orion cyberattacks, has targeted at least 140 resellers and technology service providers since May 2021, Microsoft reported. As many as 14 of those resellers and technology service providers have been compromised, Microsoft added.

Instead of exploiting software flaws and vulnerabilities, the Nobelium attacks typically leverage password spray and phishing techniques to steal legitimate credentials and gain privileged access, Microsoft noted.

It’s unclear whether the Microsoft report is related to hackers that targeted Synnex in an attempt to access customer applications within Microsoft’s cloud in July 2021.

Nobelium Cyberattacks: Guidance for IT Service Providers

To mitigate the attacks, Microsoft introduced technical guidance as well as guidance for partners. The guidance specifically mentions cloud service providers and organizations that rely on elevated privileges. Portions of the guidance called on partners to:

- Verify and monitor compliance with Microsoft Partner Center security requirements.
- Remove delegated administrative privileges (DAP) connection when not in use.
- Conduct a thorough investigation and comprehensive response.

Downstream customers, Microsoft added, should:

- Review, audit, and minimize access privileges and delegated permissions.
- Verify multi-factor authentication (MFA) is enabled and enforce conditional access policies.
- Review and audit logs and configurations.

Microsoft Statement: Scope of Nobelium Cyberattacks vs Resellers, Service Providers

In an extensive blog post, Microsoft stated:

“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers. We began observing this latest campaign in May 2021 and have been notifying impacted partners and customers while also developing new technical assistance and guidance for the reseller community. Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium. We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised. Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful.”

 

Original author: Joe Panettieri