Dec 7, 2021
0 0

France warns of Nobelium cyberspies attacking French orgs

Written by

Microsoft offers 50% subscription discounts to Office pirates
Russian hacking group uses new stealthy Ceeloader malware
France warns of Nobelium cyberspies attacking French orgs
Microsoft seizes sites used by APT15 Chinese state hackers
Microsoft starts rolling out redesigned Notepad for Windows 11
New Cerber ransomware targets Confluence and GitLab servers
Google disrupts massive Glupteba botnet, sues Russian operators
27 flaws in USB-over-network SDK affect millions of cloud users
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Search Redirect
Remove the Search Redirect
Remove the Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
France warns of Nobelium cyberspies attacking French orgs
The French national cyber-security agency ANSSI said today that the Russian-backed Nobelium hacking group behind last year’s SolarWinds hack has been targeting French organizations since February 2021.
While ANSSI (short for Agence Nationale de la Sécurité des Systèmes d’Information) has not determined how Nobelium compromised email accounts belonging to French orgs, it added that the hackers used them to deliver malicious emails targeting foreign institutions.
In turn, French public orgs were also the targets of spoofed emails sent from servers belonging to foreign entities, believed to be compromised by the same threat actor.
The infrastructure used by Nobelium in the attacks against French entities was mainly set up using virtual private servers (VPS) from different hosting companies (favoring servers from OVH and located close to the targeted countries).
“Overlaps have been identified in the tactics, techniques & procedures (TTP) between the phishing campaigns monitored by ANSSI and the SOLARWINDS supply chain attack in 2020,” ANSSI explained in a report published today.
To defend against this hacking group’s attacks, ANSSI recommends restricting the execution of email attachments to block malicious files delivered in phishing campaigns.
The French cyber-security agency also advises at-risk organizations to tighten Active Directory security (and AD servers in particular) using its Active Directory security hardening guide.
CERT-FR Nobelium attacks
Nobelium, the hacking group behind last year’s SolarWinds supply-chain attack, which led to the breach of multiple US federal agencies, is the hacking division of the Russian Foreign Intelligence Service (SVR), also tracked as APT29, The Dukes, or Cozy Bear.
The US government formally accused the SVR division in April of orchestrating the “broad-scope cyber espionage campaign” that hit SolarWinds.
Cybersecurity firm Volexity also linked the attacks to the same threat actor based on tactics observed in incidents starting with 2018.
In May, the Microsoft Threat Intelligence Center (MSTIC) shared info on a Nobelium phishing campaign targeting government agencies from 24 countries worldwide.
As further reported by Microsoft in recent months, Nobelium is still targeting the global IT supply chain, having attacked 140 managed service providers (MSPs) and cloud service providers and breached at least 14 since May 2021.
Nobelium also targeted Active Directory Federation Services (AD FS) servers, attempting to compromise governments, think tanks, and private companies from the US and Europe using a new passive and highly targeted backdoor dubbed FoggyWeb.
Microsoft revealed in October that Nobelium was the most active Russian hacking group between July 2020 and June 2021, coordinating the attacks behind 92% of alerts Microsoft sent to customers regarding Russia-based threat activity.
Earlier today, Mandiant linked the hacking group to attempts to breach government and enterprise networks around the world by targeting their MSPs with a new backdoor dubbed Ceeloader designed to deploy further malware and harvest sensitive info of political interest to Russia.
Microsoft: Russian SVR hacked at least 14 IT supply chain firms since May
Microsoft: Russian state hackers behind 53% of attacks on US govt agencies
Russian hacking group uses new stealthy Ceeloader malware
A New North Korean Hacker Group Is Making a Name for Itself
Iranian state hackers use upgraded malware in attacks on ISPs, telcos
Not a member yet? Register Now
Convincing Microsoft phishing uses fake Office 365 spam alerts
Malicious Excel XLL add-ins push RedLine password-stealing malware
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


Article Categories:
Cybersecurity News

Comments are closed.