Date: 2021-05-29

Microsoft has issued an alert regarding a wide-scale malicious email campaign undertaken by NOBELIUM, the threat actor behind the massive SolarWinds attacks in 2020, which is targeting sensitive government agencies, think tanks, consultants, and non-governmental organizations across the globe.

Originating from Russia, NOBELIUM has been operating and evolving since early 2021, but recently the threat actor intensified the campaign. The latest attack is said to have targeted 3,000 email accounts at more than 150 different organizations, at least a quarter of which were involved in international development, humanitarian, and human rights work. According to Microsoft, American organizations have received the largest share of attacks.

"Despite growing community visibility since the exposure of the SolarWinds attack in late 2020, NOBELIUM has continued to target government and diplomatic entities across the globe. We anticipate that as these operations progress, NOBELIUM will continue to mature their tools and tactics to target a global audience," the Microsoft Threat Intelligence Center (MSTIC) wrote in a blog post.

As reported by MSTIC, earlier this week, NOBELIUM gained access to the Constant Contact account of the United States Agency for International Development (USAID) and distributed malicious URLs to a wide variety of organizations and industry verticals.

Many of these attacks targeting Microsoft customers were automatically blocked by endpoint detection and response products, which marked them as spam.

"More importantly, antivirus services, like Microsoft Defender Antivirus, and endpoint detection and response products, such as Microsoft Defender for Endpoint, are identifying and protecting against the malware being used in this wave of attacks and are working in combination with Microsoft Defender for Office 365," the company said.

In an updated blog post, Microsoft commended the collective work done by the security community to limit the damage done by this latest wave of phishing attacks, adding that there is no evidence of any significant number of compromised organizations at this time.

Microsoft has advised users to practice basic cybersecurity hygiene, including using multi-factor authentication (MFA) and antivirus/antimalware software, and to avoid clicking on links in email unless their reliability can be confirmed, to minimize the risk of being phished. The tech giant also highlighted the need for clear rules governing nation-state conduct in cyberspace and clear expectations of the consequences for violation of those rules.