In December 2020, Microsoft published details of what is now widely described as one of the most extensive and sophisticated cyberattacks on record: the NOBELIUM campaign. NOBELIUM, the name Microsoft uses for a Russian state-sponsored group, compromised a large number of organizations through a single, carefully planned and well-executed supply chain attack. Even companies with mature security programs found themselves among the victims, and others were left wondering whether they would be next.

Stages of the NOBELIUM attacks

The first step in NOBELIUM's nation-state attack was intruding into its targets' environments. It gained unauthorized access to the network of an IT company and implanted a backdoor in one of the company's software products, which then reached customers as a legitimate, signed update. That single compromise gave the group a foothold in the many enterprises and government organizations running the product.

Once it had that foothold, NOBELIUM's next step was to spread its malware through the victim environment. It evaded security defenses by making its activity blend in with the compromised product's normal system processes and by wrapping the malicious logic in layers of legitimate-looking code, so that its processes and traffic resembled routine behavior.

With a solid understanding of its targets' environments, NOBELIUM methodically executed the final part of its plan: it accessed source code repositories, harvested email addresses and mailbox data, exfiltrated sensitive documents, and pushed its malware further into the network. The group also went beyond the supply chain vector and used common techniques such as password spraying and spear phishing to obtain the credentials and information it needed.

Microsoft 365 and NOBELIUM

In October 2021, Microsoft published a report warning that NOBELIUM was targeting the delegated administrative privileges that resellers and service providers hold over their customers' tenants, and abusing the resulting Azure AD trust relationships and Azure cloud platform to move from a provider into downstream customer environments. Alongside its assessment, Microsoft stressed that enforcing multi-factor authentication, reviewing and removing delegated admin relationships that are no longer needed, and monitoring sign-in and activity logs are the controls most likely to keep such attacks at bay.

It became clear that NOBELIUM was repeating its playbook against a different link in the supply chain: instead of a software vendor, the resellers and service providers that administer customer tenants. According to Microsoft, more than 140 resellers and technology service providers had been targeted since May 2021, and as many as 14 of them had been compromised.

Historically, nation-state attacks targeted governments. In recent years, according to Microsoft's figures, 35% of all nation-state attacks have targeted enterprises, threats against vendors have risen by 78%, and Microsoft has sent 13,000 email alerts about nation-state attacks to its customers over the last two years.

The defense

Modern threats require modern defenses. The NOBELIUM attacks show the care and precision adversaries bring to planning an intrusion. Detecting, preventing, and preparing for an attack of this kind requires visibility into all of the security data that relates to your users and endpoints: sign-in and audit logs, privileged and delegated admin relationships, and endpoint activity, correlated in one place rather than scattered across separate consoles.

To learn more about managing and securing your Microsoft 365 services against similar cyberattacks, read our e-book, CISA’s 5 security hardening strategies to defend Microsoft 365 from NOBELIUM. Prepare for future attacks with ManageEngine.