Microsoft warns of rising NOBELIUM credential attacks on defence sector

The NOBELIUM group is also known as Midnight Blizzard.

The NOBELIUM hackers have been linked to Russia and are known for the SolarWinds hack in 2021.

Microsoft has detected a significant surge in credential attack activity orchestrated by the notorious threat actor known as Midnight Blizzard. What sets these attacks apart is the cunning use of residential proxy services to conceal the origin of their malicious activities.

The targets of these nefarious acts include governments, IT service providers, NGOs, defence industry entities, and critical manufacturing units.

Midnight Blizzard, also known by their codename NOBELIUM, employs a range of sophisticated techniques to carry out these credential attacks. The arsenal includes password spray, brute force, and token theft methods.

To compound the threat, the threat actor has been found to employ session replay attacks, in which stolen session tokens, likely obtained through illicit means, are replayed to gain initial access to cloud resources.

One particularly notable aspect of these attacks is the use of low-reputation IP addresses, commonly associated with residential proxy services. By routing the use of compromised credentials through these proxies, Midnight Blizzard obscures the origin of their connections and makes it exceedingly difficult to trace their activities.

In a series of tweets, Microsoft explained that to further complicate matters, the threat actor utilizes these IP addresses for brief periods, posing significant challenges to effective scoping and remediation efforts.
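The two patterns described above, a password spray from one source against many accounts and a stolen session token replayed from a new address, are the kind of signals a defender would hunt for in cloud sign-in logs. The following is an added example, not code from the article or from Microsoft: the log records, field layout, addresses and session ids are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events modelled loosely on cloud sign-in logs.
# Fields: (timestamp, account, source ip, result, session id); all values are assumptions.
SIGNINS = [
    ("2023-06-21T09:00:01", "alice@corp.example", "203.0.113.5", "failure", None),
    ("2023-06-21T09:00:03", "bob@corp.example", "203.0.113.5", "failure", None),
    ("2023-06-21T09:00:05", "carol@corp.example", "203.0.113.5", "failure", None),
    ("2023-06-21T09:00:07", "dave@corp.example", "203.0.113.5", "failure", None),
    ("2023-06-21T09:00:09", "erin@corp.example", "203.0.113.5", "success", "sess-1"),
    ("2023-06-21T10:15:00", "frank@corp.example", "198.51.100.9", "success", "sess-2"),
    ("2023-06-21T10:40:00", "frank@corp.example", "192.0.2.77", "success", "sess-2"),
    ("2023-06-21T11:00:00", "alice@corp.example", "198.51.100.9", "failure", None),
]


def password_spray_sources(events, window_minutes=10, min_users=4):
    """Return {ip: distinct_accounts} for sources where at least min_users
    different accounts failed within window_minutes. Many accounts with few
    attempts each is the spray signature, unlike brute force on one account."""
    by_ip = defaultdict(list)
    for ts, user, ip, result, _ in events:
        if result == "failure":
            by_ip[ip].append((datetime.fromisoformat(ts), user))
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        for i, (start, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:]
                     if (t - start).total_seconds() <= window_minutes * 60}
            if len(users) >= min_users:
                flagged[ip] = len(users)
                break
    return flagged


def replayed_sessions(events):
    """Return (session, issuing_ip, replay_ip) triples where a session id is
    later used successfully from an address other than the one it was issued to."""
    origin, hits = {}, []
    for _, _, ip, result, session in sorted(events):
        if result != "success" or session is None:
            continue
        if session not in origin:
            origin[session] = ip
        elif origin[session] != ip:
            hits.append((session, origin[session], ip))
    return hits


if __name__ == "__main__":
    print("spray sources:", password_spray_sources(SIGNINS))
    print("replayed sessions:", replayed_sessions(SIGNINS))
```

Because each proxy address is used only briefly, a per-IP threshold alone will miss sprays spread across many addresses; in practice the same grouping is also run per ASN or per ISP and against a residential-proxy reputation feed.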

It is worth noting that Midnight Blizzard, or NOBELIUM, is the same group that was behind the devastating SolarWinds hack in late 2021.


To counteract this escalating threat, Microsoft has fortified its defence measures. Microsoft Defender Antivirus, Defender for Endpoint, Defender for Cloud Apps, and Azure Active Directory have all been equipped with robust protections and enhanced detection mechanisms to guard against these attacks.
