Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

APT

Microsoft: Russia-linked SolarWinds hackers breached three new entities

Microsoft discovered that Russia-linked SolarWinds hackers, tracked as Nobelium, have breached the network of three new organizations. Microsoft revealed on Friday that Russia-linked SolarWinds hackers, tracked as Nobelium or APT29, have conducted new cyber attacks against other organizations. Threat actors carried out brute-force and password spraying attacks in an attempt to gain access to Microsoft customer accounts. […]

APT28

Microsoft discovered that Russia-linked SolarWinds hackers, tracked as Nobelium, have breached the network of three new organizations.

Microsoft revealed on Friday that Russia-linked SolarWinds hackers, tracked as Nobelium or APT29, have conducted new cyber attacks against other organizations.

Threat actors carried out brute-force and password spraying attacks in an attempt to gain access to Microsoft customer accounts.

Microsoft pointed out that the recent campaign was mostly unsuccessful and most of the attempts failed, but confirmed to be aware of three compromised entities to date. Compromised and targeted entities are being contacted through the Microsoft nation-state notification process.

Most of the targeted organizations are IT companies (57%), followed by government organizations (20%). The hackers also targeted non-governmental organizations and think tanks, as well as financial services.

“The activity was largely focused on US interests, about 45%, followed by 10% in the UK, and smaller numbers from Germany and Canada.  In all, 36 countries were targeted.” reads the post published by Microsoft.

“As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.”

Microsoft also discovered that the nation-state actors employed information-stealing malware on the device of one of its employees working as a customer support agent. The IT giant quickly removed the access and secured the device. 

The attackers aimed at stealing this information to use them in highly targeted attacks as part of their campaign.

The customer’s agent device has been secured, the company added.

Microsoft highlights the importance of best practices such as Zero-trust architecture and multi-factor authentication to prevent these attacks. Below the additional information on best practices shared by the IT giant:  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Nobelium)

[adrotate banner=”5″]

[adrotate banner=”13″]