Suspected Russian Activity Targeting Government and Business Entities Around the Globe

As the one-year anniversary of the discovery of the SolarWinds supply chain compromise passes, Mandiant remains committed to tracking one of the toughest actors we have encountered. These suspected Russian actors practice top-notch operational security and advanced tradecraft. However, they Read More …

NOBELIUM targeting delegated administrative privileges to facilitate broader attacks

The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations Read More …

DarkHalo after SolarWinds: the Tomiris connection

In December 2020, news of the SolarWinds incident took the world by storm. While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of Read More …

Russian hackers had months-long access to Denmark’s central bank

Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected. The breach was part of the SolarWinds cyber espionage campaign last year Read More …

Nobelium hackers accessed Microsoft customer support tools

Microsoft says they have discovered new attacks conducted by the Russian state-sponsored Nobelium hacking group, including a hacked Microsoft support agent’s computer that exposed customer’s subscription information. Nobelium is Microsoft’s name for a state-sponsored hacking group believed to be operating Read More …

Russian gang behind SolarWinds hack returns with phishing attack disguised as mail from US aid agency

Nobelium, the Russia-aligned gang identified as the perpetrators of the supply chain attack on SolarWinds’ Orion software, has struck again, Microsoft vice president Tom Burt in a blogpost Thursday. Burt’s post says the attacks saw Nobelium gain access to accounts Read More …