Russian-backed Nobelium group has compromised the global IT supply chain.
Nobelium has breached at least 14 cloud providers and attacked 140 managed tech service providers since May. The tools of its trade have been spear phishing, token theft, malware, password sprays, and API abuse. Its attacks focus mainly on managed cloud service providers, technology service providers, and their resellers.

Microsoft threat protection detected the breach, and Microsoft has been notifying impacted targets of the attacks. So far, 140 resellers of technology service providers have been informed of the intrusion by Nobelium, but Microsoft believes over 600 customers have been targeted. Attacks on these customers, at least 600 of them, have been attempted numerous times: 22,868 to be exact. The Nobelium group is still trying to establish access to the systems of its targets of interest, to gain long-term espionage and exfiltration channels.

The US DOJ has disclosed Nobelium to be a division of the Russian Foreign Intelligence Service. Even after the successful breach of SolarWinds, campaigns known by the US DOJ as GoldMax, GoldFinder, BoomBox, VaporRage, EnvyScout, NativeZone, and Sibot have surfaced and been traced back to Nobelium. Within these numerous campaigns, at least 27 US attorneys' offices and 24 government agencies have been breached. The impacted entities are being contacted by the Microsoft Threat Intelligence Center and have been given measures to combat the current threats and the ongoing attacks from Nobelium.