Cybercriminal group that hacked SolarWinds has struck again

Jun 1, 2021 09:14 GMT

Nobelium, the Russian hacking group responsible for last year's big SolarWinds hack, has struck again. This time, it used cloud email marketing firm Constant Contact in a phishing attempt that targeted 3,000 email accounts across 150 companies, according to CRN.

According to Tom Burt, Microsoft’s corporate vice president of customer security and trust, "Nobelium launched this week’s attacks by gaining access to the Constant Contact account of the United States Agency for International Development".

In a blog post titled Another Nobelium Cyberattack, Microsoft highlighted the newest intrusion from the state-sponsored hackers, warning that part of Nobelium's playbook is to gain access to trusted technology suppliers and then infect their clients.

According to Microsoft, Nobelium did not initiate this week's attack through the SolarWinds Orion network monitoring tool, as it did last time. Instead, it accessed the Constant Contact account belonging to the United States Agency for International Development (USAID).

Tom Burt noted: “Using the legitimate mass mailing service Constant Contact, Nobelium attempted to target around 3,000 individual accounts across more than 150 organizations”.

“Due to the high-volume campaign, automated systems blocked most of the emails and marked them as spam. However, automated systems might have successfully delivered some of the earlier emails to recipients”.

USAID promotes what it calls U.S. national security and economic development as a way to demonstrate American generosity.

Phishing emails distributed by Nobelium seemed legit

Nobelium was able to distribute phishing emails that appeared to be genuine but contained a link that, when clicked, delivered a malicious file designed to install a backdoor called NativeZone. All this was possible because of access to the Constant Contact email service through the USAID account. This backdoor could be used for a variety of operations, from stealing data to infecting other machines on a network, as Burt explained.

The software titan stated that it was in the process of alerting all clients who had been targeted.

According to Microsoft, while most of the attacks on companies were perpetrated in the United States, the victims came from at least 24 nations.

Nobelium is the same state-sponsored group responsible for last year's major breach of the SolarWinds Orion network monitoring tool. Nobelium gained access to U.S. government agencies, key infrastructure facilities, and private sector companies. This nation-state hack sent shockwaves around the world.

Allen Falcon, CEO of Cumulus Global, a Microsoft partner based in Westborough, believes the latest incident, like so many others before it, will not have a chilling effect on cloud services.

Whether in the cloud or not, cyber attackers will continue to target identities, since they grant access to both on-premises and cloud-based systems, he said.

According to Falcon, in response, Microsoft partners must continue to ensure that their ecosystems are secure and do not pose a threat to their customers. They also need to educate their customers about the threats and practical techniques to secure their organizations. Moreover, they need to implement and manage security environments with multiple vectors and layers, and provide solutions to respond to and recover from security breaches if they occur.