Secplicity - Security Simplified

Powered by WatchGuard Technologies

Nobelium Threat Group Sets Sights on IT Providers

October 30, 2021 By Josh Stuifbergen

The Microsoft Threat Intelligence Center (MSTIC) detected attacks by the Nobelium group targeting IT services providers. The intent was to “gain access to downstream customers” such as Cloud Service Providers (CSP) and Managed Service Providers (MSP). If the Nobelium name sounds familiar, it’s because they were the threat actor behind the 2020 SolarWinds compromise.

MSTIC provides an example of the Nobelium group seeking access to one end target via compromise of four separate providers.

Image from MSTIC Nobelium Example

Nobelium continues to focus on high-value targets, similar to their SolarWinds operation. The difference is that, where Nobelium sought to compromise downstream SolarWinds customers through a software update altered with a backdoor, this campaign targeted IT providers to acquire the administrative-level access credentials used to manage customer assets. The group targeted user accounts that were likely to hold broad administrative access to the IT providers' systems, using several means such as spear phishing and token theft. IT providers need to stay vigilant against a persistent threat such as Nobelium.

Microsoft offers advice for companies seeking to harden their systems. Some recommendations are to utilize available multifactor authentication tools, review and enforce compliance policies, and follow the principle of least privilege, especially for administrative access. More detail on these measures can be found in their blog post.

Filed Under: Editorial Articles Tagged With: Cloud Service Providers, CSP, Managed Service Providers, Microsoft, Microsoft Threat Intelligence Center, MSP, MSTIC, Nobelium, SolarWinds
