Another Nobelium Cyberattack

May 27, 2021    |   Tom Burt - Corporate Vice President, Customer Security & Trust

This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations. This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations. While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries. At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work. Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020. These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.   

Nobelium launched this week’s attacks by gaining access to the Constant Contact account of USAID. Constant Contact is a service used for email marketing. From there, the actor was able to distribute phishing emails that looked authentic but included a link that ,  when clicked ,  inserted a   malicious file used to distribute a backdoor we call   NativeZone .  This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network. You can read more about the technical aspects of these attacks in  this blog post  from the Microsoft Threat Intelligence Center (MSTIC).  

Leave a Comment