[MART] - Daily Diary #376 - Nobelium APT Targets Global IT Supply Chain

CTAS-MAT ctas-mat at appgate.com
Mon Oct 25 18:55:38 UTC 2021


Hello,

I hope everyone is doing well!

Below is the entry for today.

10/25/2021 - Diary entry #376:

Nobelium is a Russian-based cybercrime APT group that employs advanced techniques for espionage and data exfiltration. Also known as Cozy Bear, they were responsible for the SolarWinds incident covered in several of our Daily Diaries (such as #168, #171, #176, and #178). More recently, since May 2021, the group has targeted 140 managed service providers (MSPs) and cloud service providers, successfully breaching 14 of them.

Nobelium is trying to leverage any direct access that resellers have to their customers' IT systems by targeting different parts of the supply chain, such as MSPs that manage cloud services. As in the SolarWinds incident, the group tries to impersonate an organization's trusted technology partner to gain access to its customers. Then, they use well-known techniques, such as password spraying, token theft, and spear-phishing, to obtain account credentials and privileged access to victims' systems.

These recent attacks and others, like the Autodesk software being targeted by the group during the SolarWinds incident (covered in Daily Diary #340), confirm that the threat actors are trying to gain long-term access to multiple points in the supply chain to establish a complex structure of surveillance.

Kind Regards,




Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com
O: +55 11 97467 9549
