Nobelium is the name of the Russian hacker group that attacked SolarWinds last year, and it seems that they have struck again with a new threat called NativeZone. According to Tom Burt, Corporate Vice President of Customer Trust and Security at Microsoft, this week the Microsoft Threat Intelligence Center (MSTIC) detected Nobelium cyberattacks against government agencies, think tanks, consultants and non-governmental organizations.

Burt notes that this wave of attacks targeted around 3,000 email accounts in more than 150 different organizations in 24 countries, although most are in the United States. In addition, at least a quarter of the targeted organizations were involved in international human rights and humanitarian development work.

Nobelium launched this week’s attacks by gaining access to USAID’s account on Constant Contact, a service used for email marketing. From there, Nobelium began distributing phishing emails that looked authentic but included a link that, when clicked, installed a malicious file used to distribute the NativeZone Trojan, without the recipient’s knowledge.

This Trojan allows cybercriminals to carry out a wide range of activities on the hacked computer, including stealing data and infecting other computers on the network, to name just a few. Burt points out that several of those attacks on Microsoft customers were blocked automatically and that Windows Defender, the security suite that comes with Windows 10, is blocking the NativeZone Trojan.

It is clear that part of Nobelium’s technique is to gain access to trusted technology providers and infect their customers. By relying on software updates and now bulk email providers, Nobelium increases the risk of collateral damage in spying operations and undermines trust in the technology ecosystem.
