Microsoft announces another cyberattack from Russian government-backed hacker organization



The large-scale hacking attack against US government agencies and large corporations that abused SolarWinds' network monitoring software, Orion Platform, was described by Microsoft President Brad Smith as 'one of the most serious cyberattacks in the last decade.' The Russian government-backed hacker organization 'NOBELIUM' is believed to have launched that cyberattack, and Microsoft has now announced that it has been hit by a new cyberattack by this organization.

New Nobelium activity – Microsoft Security Response Center
https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/

Microsoft says new breach discovered in probe of suspected SolarWinds hackers | Reuters
https://www.reuters.com/technology/microsoft-says-new-breach-discovered-probe-suspected-solarwinds-hackers-2021-06-25/

SolarWinds hackers breach new victims, including a Microsoft support agent | Ars Technica
https://arstechnica.com/gadgets/2021/06/solarwinds-hackers-breach-new-victims-including-a-microsoft-support-agent/

Nobelium hackers accessed Microsoft customer support tools
https://www.bleepingcomputer.com/news/microsoft/nobelium-hackers-accessed-microsoft-customer-support-tools/

Regarding the large-scale cyberattack on government agencies and large companies using the Orion Platform, SolarWinds said that 'the software updates of the Orion Platform distributed in March and June 2020 may have been tampered with by a supply chain attack.' The tampered software update is believed to have been distributed to 18,000 companies, including the US Treasury, State Department, National Telecommunications and Information Administration, National Institutes of Health, Department of Energy, Department of Homeland Security, and National Nuclear Security Administration. In addition to these government departments and agencies, large companies such as Microsoft, Cisco, and FireEye were also reported to have been victims of the cyberattack.

What is the attack on SolarWinds' Orion Platform, which Microsoft's president says is 'one of the most serious cyberattacks in the last decade'? - GIGAZINE



The attack was launched by Nobelium, a hacker organization believed to be supported by the Russian government, as mentioned above. Microsoft revealed on June 25, 2021 that it had been hit by a new cyberattack by Nobelium.

According to Microsoft, the cyberattack by Nobelium was still 'under investigation' at the time of writing. Nobelium used password spray attacks and brute force attacks to compromise three entities. Password spray attacks and brute force attacks are attacks on login servers that attempt to gain unauthorized access to accounts. However, Microsoft said, 'Recent activities by Nobelium have largely failed, and most of the targets of the attack have not been compromised,' indicating that the attacks on targets other than the three entities failed.



'Information-stealing malware has been detected on one of the customer support agents that can access the account information of some customers,' Microsoft said, revealing that the cyberattack also involved malware. According to Microsoft, Nobelium could exploit information obtained through this unauthorized access to launch a wider range of cyberattacks. According to a Reuters report, one of the reporters belonging to the news agency may have been a target of the attack.

Microsoft has not disclosed details of the 'malware-infected customer support agent,' but according to Reuters, the agent could access information such as personal account billing details, contact information, and the paid services a customer uses. Therefore, Reuters says, 'We recommend changing your username and email address.'

In addition, when the overseas outlet Ars Technica contacted SolarWinds, the company reportedly replied with a statement that 'our customers are not involved in the latest cyberattack reported this time by Microsoft.'



According to Microsoft, the password spray attacks targeted specific customers, with 57% targeting IT companies, 20% targeting government agencies, and the rest targeting non-governmental organizations, think tanks, and financial services. Approximately 45% of the cyberattacks this time targeted customers in the United States, 10% targeted customers in the United Kingdom, and the rest targeted customers in Germany and Canada.

A Microsoft spokeswoman said the cyberattack was 'unrelated to the previous cyberattack using the Orion Platform.' However, Microsoft has not disclosed any details such as the devices compromised by this attack or the affected areas.

in Security, Posted by logu_ii