The Microsoft Threat Intelligence Center said it’s been tracking recent activity from Nobelium, a Russia-based hacking group best known for the SolarWinds cyberattack of December 2020, and that the group managed to use information gleaned from a Microsoft worker’s device in attacks.
Microsoft said it “detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers” and that “the actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.” The affected customers were notified of the breach.
In May, Nobelium followed up the SolarWinds cyberattack with a campaign against the US Agency for International Development (USAID). The group reportedly used one of USAID’s email marketing tools to send phishing messages to more than 150 organizations. Those messages contained a link used to distribute malware that could steal data, infect other devices, and more.