Nobelium Phishing Campaign Poses as USAID
Quote: The cybercriminal group behind the notorious SolarWinds attack is at it again with a sophisticated mass email campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious activities.
 
Microsoft Threat Intelligence Center (MSTIC) began tracking this latest campaign of Nobelium (previously known as Solarigate) in late January when it was in the reconnaissance stage, and observed as it “evolved over a series of waves demonstrating significant experimentation,” according to a blog post by the Microsoft 365 Defender Threat Intelligence Team.
 
On Tuesday, researchers observed an escalation in the effort as the threat group began masquerading as a U.S.-based development organization to distribute emails – including the malicious URLs – using a legitimate mass-emailing service, Constant Contact, they said. The threat actors targeted a wide variety of organizations and industry verticals.
 
In addition to the widely disruptive SolarWinds incident, Nobelium is also the group behind the Sunburst backdoor, Teardrop malware and GoldMax malware. The group historically has targeted a wide range of organizations, including government institutions, NGOs, think tanks, the military, IT service providers, health technology and research companies and groups, and telecommunications providers.
 
The targets in the latest attack, which is ongoing, are 3,000 individual accounts across more than 150 organizations, “employing an established pattern of using unique infrastructure and tooling for each target, increasing their ability to remain undetected for a longer period of time,” researchers observed.
 
During the SolarWinds attack, Nobelium infected targets by pushing out the custom Sunburst backdoor via trojanized product updates to nearly 18,000 organizations around the globe. In this way, the attack, which started in March 2020, remained undetected until December, giving the attackers time to pick and choose which organizations to further penetrate and resulting in a sprawling cyberespionage campaign that significantly affected the U.S. government and tech companies, among others.
 
There are a number of key differences between that attack and this latest campaign, which researchers attributed to “changes in the actor’s tradecraft and possible experimentation following widespread disclosures of previous incidents,” they said.

Read more: Nobelium Phishing Campaign Poses as USAID | Threatpost


Messages In This Thread
Nobelium Phishing Campaign Poses as USAID - by silversurfer - 28 May 21, 17:47
