SolarWinds hackers target governments and businesses around the world

Nobelium is the cyber-espionage group that compromised the SolarWinds supply chain. It has now been linked to a further series of intrusions targeting cloud solution providers, managed service providers and resellers, using their privileged access to reach the downstream customers of those companies. The group continues to refine its tactics in response to public disclosures.


The intrusions are attributed to UNC3004 and UNC2652, two activity clusters associated with UNC2452, an "uncategorized" threat group that Mandiant also links to Russian intelligence services. UNC2652 has targeted diplomatic entities with phishing emails carrying HTML attachments that contain malicious JavaScript.

Russia singled out for malicious activities

The case has been followed closely by Mandiant researchers Luke Jenkins, Sarah Hawley, Parnian Najafi and Doug Bienstock, who have published a new report on it.

“In most cases, post-compromise activities included the theft of data relevant to Russian interests. (…) In some cases, data theft seems to have been done primarily to create new avenues of access to other victim environments.”

The revelations come exactly one year after details of the Kremlin-backed hacking campaign emerged. The attackers had broken into the build environment of network management vendor SolarWinds and succeeded in distributing trojanized software updates to large customers, including nine US federal agencies.

Innovative tactics used for dishonorable purposes

Once again, this case shows the attackers redoubling their efforts to break into new victims. Microsoft recently described Nobelium as a “skilled and methodical operator who follows operational security (OpSec) best practices”.

Since the SolarWinds incident, the APT group has been suspected of involvement in attacks on think tanks, businesses and government entities around the world.

Nobelium also uses a new tool called Ceeloader, a bespoke downloader that decrypts a shellcode payload and executes it in memory on the compromised system, leaving little on disk for file-based detection. The group has also abused MFA push notifications: once it holds a valid password, it triggers repeated push prompts to the victim's smartphone until the user accepts one, which defeats push-based multi-factor authentication.
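The push-notification abuse above leaves a recognisable trace in identity-provider logs: a burst of denied or expired prompts for one account followed by an approval. The following detection logic is an added example, not code from the article, Mandiant or Microsoft. It assumes a constructed JSON-lines log format (fields `ts`, `user`, `event`, `result`, `src_ip`) and tuning thresholds that are assumptions to be adapted to your IdP; the sample log lines are constructed for the example.

```python
"""Detect MFA push-notification abuse ("push fatigue") in authentication logs.

Added example; the log shape is hypothetical. Each line is one JSON event with
fields ts, user, event, result, src_ip. Only event == "mfa_push" is examined.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=10)  # look-back for a prompt storm (assumed tuning value)
MIN_PROMPTS = 4                 # prompts inside WINDOW that count as a storm (assumed)
REJECTED = ("denied", "timeout")

# Constructed sample log (hypothetical format). alice is hammered with pushes and
# finally approves; bob denies once by mistake and then approves (normal); carol
# is hammered but never approves.
SAMPLE_LOG = """\
{"ts": "2021-12-06T08:00:01Z", "user": "alice", "event": "mfa_push", "result": "denied", "src_ip": "203.0.113.7"}
{"ts": "2021-12-06T08:00:40Z", "user": "alice", "event": "mfa_push", "result": "timeout", "src_ip": "203.0.113.7"}
{"ts": "2021-12-06T08:01:15Z", "user": "alice", "event": "mfa_push", "result": "denied", "src_ip": "203.0.113.7"}
{"ts": "2021-12-06T08:02:02Z", "user": "bob", "event": "mfa_push", "result": "denied", "src_ip": "198.51.100.9"}
{"ts": "2021-12-06T08:02:30Z", "user": "bob", "event": "mfa_push", "result": "approved", "src_ip": "198.51.100.9"}
{"ts": "2021-12-06T08:02:50Z", "user": "alice", "event": "mfa_push", "result": "denied", "src_ip": "203.0.113.7"}
{"ts": "2021-12-06T08:03:31Z", "user": "alice", "event": "mfa_push", "result": "approved", "src_ip": "203.0.113.7"}
{"ts": "2021-12-06T08:10:00Z", "user": "carol", "event": "password_ok", "result": "success", "src_ip": "192.0.2.44"}
{"ts": "2021-12-06T08:10:05Z", "user": "carol", "event": "mfa_push", "result": "denied", "src_ip": "192.0.2.44"}
{"ts": "2021-12-06T08:10:41Z", "user": "carol", "event": "mfa_push", "result": "denied", "src_ip": "192.0.2.44"}
{"ts": "2021-12-06T08:11:20Z", "user": "carol", "event": "mfa_push", "result": "timeout", "src_ip": "192.0.2.44"}
{"ts": "2021-12-06T08:12:03Z", "user": "carol", "event": "mfa_push", "result": "denied", "src_ip": "192.0.2.44"}
"""


def parse_events(text):
    """Parse JSON-lines into dicts with a timezone-aware datetime in 'ts', sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_push_fatigue(events, window=WINDOW, min_prompts=MIN_PROMPTS):
    """Return alerts for push-fatigue patterns.

    high:   an approval arrives after >= min_prompts pushes in `window`, of which
            at least min_prompts - 1 were denied or timed out (likely a coerced accept).
    medium: a user accumulated >= min_prompts rejected pushes with no approval
            (attack attempted, not yet successful).
    """
    history = defaultdict(list)  # user -> [(ts, result, src_ip)] within the window
    alerts = []
    for ev in events:
        if ev.get("event") != "mfa_push":
            continue
        user = ev["user"]
        hist = history[user]
        cutoff = ev["ts"] - window
        hist[:] = [h for h in hist if h[0] >= cutoff]   # slide the window
        hist.append((ev["ts"], ev["result"], ev["src_ip"]))
        if ev["result"] == "approved":
            rejected = [h for h in hist if h[1] in REJECTED]
            if len(hist) >= min_prompts and len(rejected) >= min_prompts - 1:
                alerts.append({
                    "severity": "high",
                    "user": user,
                    "prompts_in_window": len(hist),
                    "rejected_before_approval": len(rejected),
                    "approved_at": ev["ts"].isoformat(),
                    "src_ips": sorted({h[2] for h in hist}),
                })
            hist.clear()  # an approval closes the current sequence either way
    # Storms that never ended in an approval are still worth a lower-severity alert.
    for user, hist in history.items():
        rejected = [h for h in hist if h[1] in REJECTED]
        if len(rejected) >= min_prompts and not any(h[1] == "approved" for h in hist):
            alerts.append({
                "severity": "medium",
                "user": user,
                "rejected": len(rejected),
                "first_at": hist[0][0].isoformat(),
                "src_ips": sorted({h[2] for h in hist}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert))
```

In the sample, alice produces a high-severity alert (five prompts, four rejected, then an approval), bob produces nothing, and carol produces a medium-severity alert. The `src_ips` field is kept so an analyst can see whether the prompts came from an address the user never signs in from; in a real deployment the thresholds should be tuned against a baseline of legitimate retry behaviour.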

Given the ingenuity of today's attackers, governments are right to worry, and the SolarWinds hackers are only one example. Indeed, Microsoft recently seized 42 domains used by a China-based cyber-espionage group. Will others be able to do the same?


Source From: Fredzone
