In an advisory released on October 24, Microsoft announced ongoing campaigns it has attributed to the Nobelium state-sponsored threat group. IBM X-Force tracks this group as Hive099. If the name sounds familiar, that’s because it is the same group that targeted SolarWinds in 2020. The U.S. government has identified Nobelium as part of Russia’s foreign intelligence service known as the SVR.

Microsoft warns that the activity it is seeing appears to focus on cloud service resellers, technology providers, and their downstream customers in Europe and the U.S. Organizations are urged to take notice and act to mitigate the risk of compromise.

Abusing Digital Trust Relationships

The ongoing wave of attacks is designed to abuse trusted relationships, such as delegated administrative privilege (DAP), which can enable attackers to move through the channels that underpin provider/customer relationships. The activity, which aims to compromise accounts at the service provider level, has persisted through summer of 2021 and does not appear to exploit any specific vulnerabilities. Instead, the attackers are reported to be using a toolkit of malware, password spraying, API abuse, and spear-phishing to obtain credentials and infiltrate networks with privileged access.

These attack tactics are not novel, and organizations can reduce the chance of compromise by using multi-factor authentication. Further mitigation can come from restricting the use of privileged access by employees and third parties alike. It is also recommended to review DAP and terminate access that is unused or where suspicious activity may have been logged.

Remain Vigilant

At this time, IBM recommends that organizations at increased risk of Nobelium attacks begin looking into their specific implementations, both in cloud environments and on premises.

IBM is closely monitoring the overall situation and is engaged with clients and the security community. More details can be found in our designated X-Force Exchange collection, which will be updated as this situation evolves.

Assistance is also available 24×7 via IBM Security X-Force’s US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.
