fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Nobelium Hackers Accessed Microsoft Customer Support Tools

Nobelium Hackers Accessed Microsoft Customer Support Tools

Microsoft says they have discovered new attacks conducted by the Russian state-sponsored Nobelium hacking group, including a hacked Microsoft support agent’s computer that exposed customer’s subscription information.

Nobelium is Microsoft’s name for a state-sponsored hacking group believed to be operating out of Russia responsible for the SolarWinds supply-chain attacks

In a new blog post published Friday night, Microsoft states that the hacking group has been conducting password spray and brute-force attacks to gain access to corporate networks.

Password spray and brute force attacks are similar in that they both attempt to gain unauthorized accounts to an online account by guessing a password. However, password spray attacks will attempt to use the same passwords across multiple accounts simultaneously to evade defenses. In contrast, brute force attacks repeatedly target a single account with different password attempts.

Microsoft says that Nobelium’s recent attacks have been mostly unsuccessful. However, they know of three entities that were breached by Nobelium in these attacks.

“This activity was targeted at specific customers, primarily IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services,” Microsoft said in a blog post about the attacks.

“The activity was largely focused on US interests, about 45%, followed by 10% in the UK, and smaller numbers from Germany and Canada.  In all, 36 countries were targeted.”

Also Read: 3 Reasons Why You Must Take a PDPA Singapore Course

Microsoft support tools accessed by hackers

During the investigation into the attacks, Microsoft also detected an information-stealing trojan on a Microsoft customer support agent’s computer that provided access to “basic account information” for a limited number of customers.

Nobelium used this customer information in targeted phishing attacks against Microsoft customers.

Microsoft reported these attacks after Reuters obtained an email sent to affected customers warning them that the threat actors gained access to information about their Microsoft Services subscriptions.

“A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions,” read the Microsoft email obtained by Reuters.

Nobelium’s recent activity

The Nobelium hacking group, also known as APT29, Cozy Bear, and The Dukes, has been attributed to the recent SolarWinds supply chain attack that compromised numerous US companies, including MicrosoftFireEyeCiscoMalwarebytesMimecast, and various US government agencies.

As part of these attacks, the threat actors replaced legitimate modules in the SolarWinds Orion IT monitoring platform that were distributed to customers via the software’s normal auto-update process. These malicious modules allowed the threat actors to gain remote access to compromised devices, where further internal attacks could be launched.

In April, the US government formally accused the Russian government and hackers from the Russian Foreign Intelligence Service, the SVR, of the attacks on Solarwinds and US interests.

More recently, Microsoft revealed that the hacking group compromised the Constant Contact account for USAID, a US agency responsible for providing foreign aid and development assistance.

Using this marketing account, Nobelium conducted targeted phishing attacks to distribute malware and access internal networks.

Also Read: The Difference Between GDPR and PDPA under 10 Key Issues

USAID phishing email sent by Nobelium hackers
USAID phishing email sent by Nobelium hackers

The US Department of Justice later seized two domains used in the phishing attacks to distribute malware.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us