September 22, 2023

The Russian-based hacking group, called Nobelium, managed to compromise an email marketing account for USAID and has distributed phishing emails with attached malware to the targeted companies. Earlier last year they are behind massive SolarWinds attack

Nobelium started its attacks this week by breaching USAID’s “Constant Contact” account, which is simply an email marketing account. The threat actors were “able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor NativeZone, which infects victim and steal data

All this malicious activity was blocked for Microsoft customers running Windows Defender. However, this is not something to rest on, as three major things make this attack notable, First and foremost, this attack unveils Nobelium’s standard playbook of “gain[ing] access to trusted technology providers and infect their customers.” This technique can have expansive ramifications, including increasing collateral damage in espionage while also undermining “trust in the technology ecosystem.”

Nobelium has been targeting organizations that affect issues of concern to the country from which they are operating.

Microsoft will continue to track Nobelium, and USAID has likely started an investigation to figure out how the initial breach happened. Hopefully, this attack and the recent Colonial Pipeline attack will spur better legislation and rules for cybersecurity.

Tags:

Leave a Reply

You may have missed

Apple fixes trio of Zeroday Exploits

September 22, 2023

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023
%d bloggers like this: