Cybersecurity (opens in new tab) researchers from Microsoft have shared details about a recent and “mostly unsuccessfully” campaign by state-sponsored actors against several customers.
Security experts at the Microsoft Threat Intelligence Center (MSTIC) note that threat actor Nobelium used an information-stealing malware (opens in new tab) on the computer of a customer support agent to launch a series of “highly-targeted” attacks.
“This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date,” shared MTIC in a blog post (opens in new tab), without going into details about the extent of the compromise.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.
>> Click here to start the survey in a new window (opens in new tab) <<
- Protect your devices with these best antivirus (opens in new tab) software
- These are the best ransomware protection (opens in new tab) tools
- Here's our choice of the best malware removal (opens in new tab) software on the market
Reuters claims (opens in new tab) Microsoft announced the breach only after it approached the software giant to inquire about a note the Redmond-based company had sent out to affected customers.
The state-sponsored Nobelium group, thought to be operating out of Russia, is largely believed to be behind the infamous SolarWinds (opens in new tab) supply chain attack.
Reuters spoke to an unnamed official at the White House, who claimed the latest campaign appeared far less serious than the SolarWinds attack.
"This appears to be largely unsuccessful, run-of-the-mill espionage," the official reportedly told Reuters.
In its blog post, MSTIC shares that Nobelium (opens in new tab) conducted password spray and brute-force attacks against Microsoft customers to gain access to their networks.
The threat actor targeted customers in three dozen countries, with most of the targets in the US (45%), followed by UK (10%), and smaller numbers in Germany and Canada.
The majority of these were IT companies (57%), followed by government entities (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services.
“This type of activity is not new, and we continue to recommend everyone take security precautions such as enabling multi-factor authentication (opens in new tab) to protect their environments from this and similar attacks,” MSTIC advised.
- We've put together a list of the best endpoint protection (opens in new tab) software