Reading Time: 2 minutes

According to Microsoft, the hackers behind the infamous SolarWinds cyberattacks could be engaged in a new campaign. Their new objective would endanger global networks by targeting the tech supply chain, including cloud technology providers.

Microsoft connects the first observed attack in May to a group called Nobelium. These are the same state-sponsored Russian hackers that used complex intrusion techniques in 2020 to contaminate 18,000 customers of SolarWinds Corp with malware.

Microsoft’s Corporate Vice President, Customer Security & Trust, Tom Burt, announced that the company had notified 140 various resellers and technology service providers concerning Nobelium’s cyberattacks.

Unfortunately, 14 of the informed organizations were already endangered by the same group. However, the main victim of this campaign is resellers and technology service providers who develop, customize, and manage cloud services and other technologies on account of their clients.

intrusion-conducted-by-NOBELIUM

Image Credit: Hackread

In August, Joe Biden also met with the top tech leaders in the U.S to discuss the rising cybersecurity issues and ransomware attacks in the country.

When U.S President Joe Biden met Russian President Vladimir Putin in Geneva, he asked him to take action against recent attacks on American businesses. He also gave a tally of sixteen critical sectors that shouldn’t be hacked to avert cyber feedback from the government of the U.S, but the attacks have continued.

However, the Kremlin has continued to deny obligation for any hacking attacks repeatedly.

Microsoft Corporate Vice President of Customer Security and Trust Tom Burt has said:

We informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits between July and October this year

To ensure protection against cyberattacks from Nobelium, Microsoft’s Threat Intelligence Center (MSTIC) has released technical guidance for companies and customers.

Whether you are running a small business or large organization, having sufficient knowledge about phishing and cybersecurity is necessary. We have compiled a few steps below for spotting phishing attempts.

  • Usually, phishing attempts contain links, downloadable attachments, or asking the user to take action immediately.
  • There are many spelling and grammatical mistakes in the message, but it’s not always the case.
  • The message can inject a feeling of seriousness to get people to take various actions immediately without thinking.
  • The email will contain a strange or weird-looking email signature.