Microsoft has named the threat actors as Nobelium, continuing its tradition of naming notable nation-state hacking groups after chemical elements, such as Russia's Strontium, China's Barium, Iran's Phosphorus, and North Korea's Thallium.
Until now, Microsoft and security vendor FireEye had identified Sunburst (which Microsoft called Solorigate) and Teardrop malware. In January, security firm CrowdStrike found Sunspot, a piece of software dedicated to monitoring the build server for build commands that assembled Orion.
Orion is the SolarWinds network monitoring software that Nobelium attackers used to broadly distribute the Sunburst backdoor to 18,000 organizations throughout 2020, prior to cherry-picking nine US federal agencies and about 100 US companies to actually compromise and steal information from, according to the White House's investigation.
Arrest Made
On Wednesday, the Justice Department announced the indictment of Sebastien Vachon-Desjardins, a Canadian national who is suspected of working as a NetWalker affiliate and helping to conduct a ransomware attack against a victim in Florida. Vachon-Desjardins is alleged to have made $27.6 million from infecting victims with the NetWalker ransomware.
Vachon-Desjardins has been charged with intentional damage to a protected computer, which carries a maximum sentence of 10 years in federal prison, the federal indictment notes.
Bulgarian authorities have seized the servers used to support the darknet sites used by NetWalker ransomware affiliates to provide payment instructions and communicate with victims, according to the Justice Department.