In 2021, the Microsoft Threat Intelligence Center discovered a new malicious email campaign by NOBELIUM, a group of hackers that has carried out nation-state attacks, and has continued to track it. In the latest phishing attack, NOBELIUM’s targets were 3,000 individual accounts spread over 150 organizations. The campaign hit its peak when the group managed to compromise Constant Contact, the mass email marketing service, and took control of the account used by the United States Agency for International Development.

Phishing attacks

There are more than 25 types of malicious email techniques, and phishing is the most common. According to the latest Microsoft Digital Defense Report, Microsoft Exchange experienced a rise in phishing emails from June 2020 to June 2021 in its global mail flow. In December 2021, the Anti-Phishing Working Group recorded 316,747 phishing attacks, which is the highest monthly number ever observed since the program began in 2004. Out of the malicious emails reported by corporate users, credential theft phishing was the most common type of attack (51.8%). There were also response-based attacks (38.6%) and malware delivery (9.6%).

Securing your organization

In previous attacks, NOBELIUM targeted think tanks, military and government organizations, and IT suppliers. It has changed its modus operandi from piggybacking on software updates to gaining access to trusted email service providers and infecting their customers. Its recent campaign’s victims spanned at least 24 countries, but the majority were in the United States.

Threat actors are experimenting with their cyberattack tactics in a way that makes securing your systems all the more crucial. Popular email services like Microsoft Exchange Online could be targeted next, so you need to be protected against phishing attacks that could compromise the security of your organization. This is where defending your Microsoft 365 environment comes in.

Download our free e-book to learn more about the various techniques used by NOBELIUM in its latest phishing attack against Constant Contact and how you can protect your Microsoft 365 environment against such threats.