Microsoft s Threat Intelligence Center (MSTIC) says it has been tracking this Nobelium-operated campaign since January 2021 and it has evolved as the group experiments with new tactics. The phishing attack has so far targeted some 3,000 accounts at more than 150 organizations across several industry verticals. The victims span 24 countries, though most attacks aimed at the US.
Nobelium, a group connected to Russia, has historically targeted organizations, non-governmental organizations, think tanks, military, IT service providers, health technology and research, and telecommunications providers. In this case, Microsoft reports at least a quarter of targets work with international development, humanitarian, and human rights work.
Its newest campaign leverages Constant Contact, a legitimate mass-mailing service used for email marketing. Due to a high volume of emails distributed in this campaign, automated email threat detection marked many of the malicious emails as spam. However, s
Thinkstock
The Russian hacking group behind the supply chain attack that poisoned software updates for the SolarWinds Orion platform has been perfecting its email-based attacks over the past few months to plant backdoors inside organizations. These efforts recently escalated with an attack launched from a hijacked email marketing account belonging to USAID and targeted around 3,000 people across over 150 organizations in 24 countries.
The hacking group, known in the security industry as APT29, Cozy Bear, The Dukes and Nobelium, has been tied to the Russian Foreign Intelligence Service (SVR) by the US and UK governments. It has a long history of targeting governmental or government-tied organizations, sometimes using zero-day exploits to gain initial access. In this latest email campaign observed by Microsoft, around a quarter of Nobelium s targets were organizations involved in international development, humanitarian, and human rights work.
What s going on with the HSE cyberattack? siliconrepublic.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from siliconrepublic.com Daily Mail and Mail on Sunday newspapers.
By Kevin Townsend on May 04, 2021
A new variant of the Buer malware loader has been detected, written in Rust. The original version is written in C. Rust is efficient, easy-to-use, and an increasingly popular programming language – Microsoft uses it, and joined the Rust Foundation in February 2021.
Researchers at Proofpoint identified the new variant in early April 2021, and named it RustyBuer. Like Buer, it works as a downloader to distribute other malware to compromised systems. The most likely reason for the development of a Rust variant is to evade anti-malware detections that are based on features of the malware written in C.
Tyler McLellan, principal threat analyst for advanced practices at Mandiant says the company is unsure about how many SonicWall VPN devices remain unpatched against CVE-2021-20016, a critical SQL injection vulnerability in SonicWall s Secure Mobile Access SMA 100 series remote access products. SonicWall issued a patch for the flaw, which is the one that UNC2447 is targeting, in February 2021. While we don’t have numbers on unpatched devices, Mandiant is aware that UNC2447-related threat actors are still in possession of credentials stolen from over 100 VPN appliances, McLellan says. These affected organizations will remain at risk of ransomware attack even if patched, unless they enable multifactor authentication or reset all passwords.