NOBELIUM is the group behind the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. Known for its undetectable attack techniques, NOBELIUM’s recent malicious email campaign was detected in January 2021 by the Microsoft Threat Intelligence Center. After experimenting with and evolving the delivery techniques, NOBELIUM targeted 3,000 individual accounts spanning 150 countries. The campaign reached its peak when the group utilized a legitimate mailing service called Constant Contact to deliver malicious payloads.
This is an ongoing and active threat as of September 29, 2021. Though it may seem like a typical phishing email containing dubious links, it’s more than that. The sophisticated techniques used by NOBELIUM to deliver malicious payloads require special attention.
Overlooking this attack may result in:
- Compromised high-value user accounts.
- Loss of sensitive information.
- Well-established command and control capability over critical assets in the IT environment.
- Violation of compliance policies like the GDPR, HIPAA, and PCI DSS.
We’ve put together an e-book titled "How to protect Microsoft 365 from the NOBELIUM hackers’ phishing attack" to help you tackle this threat. This e-book covers:
- An introduction to NOBELIUM.
- Email delivery techniques used by the attackers.
- Indicators of compromise for this attack.
- Mitigation techniques that can be used.