Microsoft Updates On Russian Nobelium Phishing Campaign, Urges Companies To Move To The Cloud
Late last week, we reported that the SolarWinds hackers from last year, called Nobelium, were back in action targeting NGOs around the world, according to data from Microsoft. Now, the Redmond-based company is providing an update on its investigation and some context to the situation.
In January, the advanced Russian hacking group Nobelium began ramping up a phishing campaign, targeting "government agencies, think tanks, consultants, and non-governmental organizations." More recently, however, the group gained access to the USAID's "Constant Contact" marketing account, allowing them to send authentic-looking emails with malware embedded to the group's targets. Thankfully, Microsoft's Defender largely blocked this malicious activity, but it still required some investigation.
After this occurred, Microsoft notified its targeted customers and kept watch for new reports indicating breaches or compromised accounts. Since then, there has been nothing to indicate "any significant number of compromised organizations at this time," as the company reports. This is good news for now, though these sorts of events are important to report when they happen for several reasons.
First and foremost, it helps other agencies, like the Cybersecurity and Infrastructure Security Agency (CISA), to combat cyber threats such as this. Over the weekend, the agency tweeted that it was investigating the situation with the FBI to "understand the scope of these activities and assist potentially impacted entities." Furthermore, reporting these phishing threats helps Microsoft and other organizations work toward better defense and deterrence.
As always, Microsoft will continue its "efforts across all these issues and will continue to work across the private sector, with the Administration and with all other interested governments to make this progress." In addition, it says that we all must collectively, "Work to better defend. The best defense is to move to the cloud, where the most secure technology from any cloud provider is always up to date, and where the fastest security innovations are occurring." The hope is that we will have to worry about cyber threats significantly less at some point, but it will take some work to get there. In the meantime, stay tuned to HotHardware for updates on security threats around the world.