Supply Chain Crisis Intensifies as Nobelium Activity Returns


The SolarWinds hack that took place at the end of 2020 is considered to be one of most devastating online attacks ever documented, and heightened public awareness about the significant rise in cybercrime. However, it appears the Russian organization behind this attack, Nobelium, is active yet again, this time aiming to capitalize on the ongoing supply chain dilemma.

According to an official blog post from Microsoft’s VP of Customer Security and Trust, Tom Bert, Nobelium has targeted at least 140 technology resellers and service providers that are major players in global supply chain activity. Microsoft believes that Nobelium is attempting to exploit software and cloud resellers to directly target customer’s personal IT infrastructure.

“The attacks we’ve observed in the recent campaign against resellers and service providers have not attempted to exploit any flaw or vulnerability in software but rather used well-known techniques, like password spray and phishing, to steal legitimate credentials and gain privileged access.” commented Bert in his blog post. “We have learned enough about these new attacks, which began as early as May this year, that we can now provide actionable information which can be used to defend against this new approach.”

Nobelium’s success largely relies on common system processes that network engineers or IT managers rarely give thought to. For instance, the 2020 attack launched after Orion software update was compromised by Nobelium, which eventually allowed the group to introduce malware thanks to thousands of customers unknowingly deploying the software. However, Microsoft has reported that phishing and identity theft is a major strategy in this new campaign.

The sophistication and complexity of these attacks have some experts feeling pessimistic about combating these threats, but creating public awareness is shining more light on this increasing issue. Microsoft issued new technical guidance to help businesses and organizations recognize threat patterns and enhance security measures.

As it stands, the supply chain crisis is fueling anxiety about product availability for the upcoming holiday season. Business leaders can no longer afford to ignore warnings regarding security, so investing in counter measures should be a top priority.

Edited by Maurice Nagle

Editor, TechZone360

Related Articles

What Is Network Penetration Testing?

By: Contributing Writer    2/7/2023

Network penetration testing is a simulated cyber attack against a computer network to assess the security of the network and identify vulnerabilities.…

Read More

NASA and IBM Gain Better Climate Change Insight with AI

By: Greg Tavarez    2/7/2023

IBM and NASA's Marshall Space Flight Center plan to develop several new technologies to extract insights from Earth observations.

Read More

How to Future Proof Cybersecurity Postures in the Modern Enterprise

By: Contributing Writer    2/6/2023

Companies today are facing cyber threats that are constantly increasing in volume, severity and sophistication. Recently, Mailchimp, Riot Games and La…

Read More

Giving Commercial Building Managers the Edge, Veea and WYND Introduce Connected Indoor Air Quality Solution

By: Reece Loftus    2/3/2023

The partnership between WYND and Veea enables the modern, smart building to automate air operations and enable healthier spaces while saving energy at…

Read More

Making More of Kubernetes in Your Organization

By: Contributing Writer    2/1/2023

Kubernetes is an open-source container orchestration system for automating the deployment, scaling, and management of containerized applications. It w…

Read More