“Last week’s phishing attacks were important to disclose because they were evidence of a new campaign by a sophisticated adversary. We saw and shared publicly Nobelium’s extensive experimentation in the early stages of its campaign – experiments consistent with Nobelium’s established practice to avoid detection and remain persistent in victim networks,” Tom Burt, Microsoft corporate VP, customer security, writes in a blog post.
Last week, Microsoft announced that Nobelium, a skilled hacking group associated with the Russian SVR and behind the SolarWinds attack last year, was engaged in phishing attacks targeting thousands of accounts at hundreds of government and human rights agencies.
The company has now said that it is still not seeing evidence of any significant number of compromised organizations at this time.
“At Microsoft, we receive more than eight trillion signals every day from our network. Our expert cybersleuths use advanced technology and deep experience to comb this data for signs of attacks so that we can notify and protect our customers. We also share information about attacks we discover with the public so that others in government and the private sector can take steps to defend against adversaries and so that policymakers can be well informed.”
“But not every attack is the same, and so not every attack requires the same response. Last week’s phishing attacks were a far cry from the ransomware attacks that, in recent years, have shut down local government agencies across the US, interrupted health care and, most recently, stopped the flow of oil in the Colonial Pipeline.”
“Last week’s phishing attacks, in contrast, were focused on espionage targets and did not corrupt a core process essential to the security of the digital ecosystem. And, due in part to being caught early and good defensive technology, last week’s attacks were mostly unsuccessful.”
“More impactful nation-state attacks continue to occur, however. With SolarWinds, the Exchange Server attacks from early this year and now this phishing attack, it is clear we must accelerate the work underway by the private sector and government to address our collective cybersecurity.”