Microsoft Targeted By Russian State-Sponsored Threat Group Nobelium In Security Breach
This threat actor group known as Nobelium, among many other names, such as Midnight Blizzard, Cozy Bear, or APT-29, is a group with ties to Russia’s Foreign Intelligence Service (SVR). This group has also been tied to the SolarWinds supply chain attacks of 2020 and 2021, where an estimated 18,000 SolarWinds Orion customers had data accessed in some capacity. Since then, the group has continued its nefarious activities, pivoting more toward stealthy intelligence collection and surveillance, specifically targeting government officials and organizations of relevance.
One such organization that fell under the eye of Nobelium is Microsoft, which has done significant research on the group. As such, Nobelium attempted to and successfully gained access to Microsoft’s data. This was done through a password-spraying attack to get into an account that Microsoft used for testing. This account was then leveraged to access a “very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in cybersecurity, legal, and other functions.” With this access, the threat actors were able to nab some emails and attached documents while on the hunt for information, Microsoft held about the group itself.
With this attack, Microsoft notes that it must make immediate changes to security regarding Microsoft-owned legacy systems and internal business processes. This will come no matter the impact, as Microsoft must balance security and business risks posed by nation state-backed threat actors. Of course, Microsoft's leaning on the fact that this attack came from a nation-state actor should not take away the fact that these security steps should have probably happened sooner. Regardless, it also shows that anyone can be breached at any time, given the current state of cybersecurity, and as such, everyone should heed these warnings, learn from the case studies and remained informed.
