The Microsoft Threat Intelligence Center said it’s been tracking recent activity from Nobelium, a Russia-based hacking group best known for the SolarWinds cyberattack of December 2020, and that the group managed to use information gleaned from a Microsoft worker’s device in attacks.
Microsoft said it “detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers” and that “the actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.” The affected customers were notified of the breach.
Nobelium followed up the SolarWinds cyberattack in May with a campaign against the US Agency for International Development (USAID). The group reportedly used one of USAID’s email marketing tools to send phishing messages to more than 150 organizations. Those messages contained a link used to distribute malware that could steal data, infect other devices, and more.
<p>The news that the Nobelium Hacking Group—the threat actors behind the SolarWinds cyberattack—is showing signs of continued activity, according to the Microsoft Threat Intelligence Center, should surprise no one. Given that a large percentage of their attacks are focused on tech companies and governmental agencies, these organizations have a strong motivation to move proactively beyond traditional perimeter-based and user-access protection methods in an attempt to head off future attacks.</p>
<p>The real issue for most organizations is that highly sensitive information is also highly valuable within their corporate workflows, for activities such as data analytics and development testing, so protecting the data itself (known as data-centric protection) comes with its own complications. For example, simple encryption changes the original data format, which in turn creates an obstacle to working with and analysing the data unless it is de-protected first. Other data-centric forms of protection, such as tokenization, avoid this situation by replacing the sensitive values while preserving the format of the information. This means that enterprise applications don’t have to be modified in order to work with protected data, which also closes a significant attack vector: the data stays protected where it is used.</p>
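<p>As an added illustration of the format point above (example code written for this page, not from Microsoft or from the article’s author), the following Python contrasts a simple encryption of a constructed card-style number, whose output no longer passes the field’s format check, with a vaulted, format-preserving tokenizer whose token does. The vault design, the sample value and the format rule are assumptions made for the example; the keystream cipher is unauthenticated and exists only to show that ciphertext does not keep the field’s shape.</p>

```python
import base64
import hashlib
import re
import secrets
import string

# Constructed sample value (a made-up card-style number, not real data) and the
# format rule an unmodified downstream application might enforce on that field.
SAMPLE_PAN = "4111-2222-3333-4444"
PAN_FORMAT = re.compile(r"^\d{4}-\d{4}-\d{4}-\d{4}$")


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256-derived keystream (CTR-style, unauthenticated).
    Illustration only: it shows that ciphertext is arbitrary bytes, nothing more."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def simple_encrypt(key: bytes, plaintext: str) -> str:
    """Encrypt and base64-encode; the result no longer looks like the original field."""
    return base64.b64encode(_keystream_xor(key, plaintext.encode())).decode()


def simple_decrypt(key: bytes, ciphertext: str) -> str:
    return _keystream_xor(key, base64.b64decode(ciphertext)).decode()


class TokenVault:
    """Vaulted, format-preserving tokenization (assumed design for this example).

    Each sensitive value is replaced by a random token that keeps the same length,
    character classes (digit/upper/lower) and separators, so a field validator or
    database column that accepts the original also accepts the token. The only link
    between token and value is the mapping held in the vault."""

    def __init__(self) -> None:
        self._token_to_value: dict[str, str] = {}
        self._value_to_token: dict[str, str] = {}

    @staticmethod
    def _random_same_format(value: str) -> str:
        out = []
        for ch in value:
            if ch.isdigit():
                out.append(secrets.choice(string.digits))
            elif ch.isupper():
                out.append(secrets.choice(string.ascii_uppercase))
            elif ch.islower():
                out.append(secrets.choice(string.ascii_lowercase))
            else:
                out.append(ch)  # separators and punctuation are kept as-is
        return "".join(out)

    def tokenize(self, value: str) -> str:
        """Return the token for value, minting a fresh one on first sight.

        The same value always maps to the same token, which keeps joins and
        frequency counts possible in analytics without exposing the value."""
        if not any(ch.isdigit() or ch.isupper() or ch.islower() for ch in value):
            raise ValueError("value has no characters the tokenizer can replace")
        if value in self._value_to_token:
            return self._value_to_token[value]
        while True:
            token = self._random_same_format(value)
            # Reject collisions with existing tokens and the (unlikely) identity token.
            if token != value and token not in self._token_to_value:
                break
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token: str) -> str:
        """Reverse the mapping; only code with vault access can do this."""
        return self._token_to_value[token]


def compare_protections(value: str, vault: TokenVault, key: bytes) -> dict:
    """Show why the text prefers tokenization for in-workflow use: the token still
    passes the field's format check, the ciphertext does not; both reverse cleanly."""
    token = vault.tokenize(value)
    ciphertext = simple_encrypt(key, value)
    return {
        "token": token,
        "ciphertext": ciphertext,
        "token_keeps_format": PAN_FORMAT.match(token) is not None,
        "ciphertext_keeps_format": PAN_FORMAT.match(ciphertext) is not None,
        "token_round_trips": vault.detokenize(token) == value,
        "ciphertext_round_trips": simple_decrypt(key, ciphertext) == value,
    }


if __name__ == "__main__":
    demo_vault = TokenVault()
    demo_key = b"constructed-demo-key-not-for-real-use"  # constructed, not a real key
    for name, result in compare_protections(SAMPLE_PAN, demo_vault, demo_key).items():
        print(f"{name}: {result}")
```

<p>Two design consequences are worth noting. Returning the same token for the same value is what lets analytics and test workflows join and count records without de-protection, but it also means equality between records is visible to anyone who sees the tokens, so the choice between consistent and one-time tokens should follow the workflow’s actual needs. And because the vault holds the only mapping back to the real values, it becomes the most sensitive component in the design and warrants the tightest access control and monitoring of detokenize calls.</p>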
<p>Data-centric security such as tokenization is one tool in the modern cybersecurity toolkit, but because aggressive threat actor groups such as Nobelium are actively seeking other targets, it’s a tool that no organization should overlook.</p>