The Russian threat actors behind the SolarWinds attacks, which Microsoft refers to as Nobelium, are allegedly conducting attacks using new tactics and malware. Just one year after the devastating SolarWinds supply-chain attacks, the perpetrators are compromising global businesses and government targets with the new malware, stealing data and moving laterally across networks. Cybersecurity firms have been able to link the threat actor to Russia’s spy agency. The new activity was first discovered by Mandiant, who published a report on its findings on Monday. Mandiant has been tracking the threat group since last year, observing its capabilities and reporting that it had compromised a range of companies in the technology sector over the past year.
Resellers were also the target of Nobelium’s most recent campaign, according to a Microsoft report released in October. In these attacks, the threat group was seen using tactics such as abuse of API, token theft, credential-stuffing, and phishing. The threat actors gathered legitimate account credentials and privileged access to reseller networks. Ultimately, it appeared that the campaign sought to reach downstream customer networks.
Read More: SolarWinds Attackers Spotted Using New Tactics, Malware