Rewterz Threat Alert – FormBook Malware – Active IOCs
October 25, 2021
Rewterz Threat Advisory – CVE-2021-34362 – QNAP NAS Vulnerability
October 26, 2021
Severity
High
Analysis Summary
Nobelium, the Russian state-sponsored threat actor behind the 2020 SolarWinds compromise, is now targeting hundreds of U.S. and global IT supply-chain companies. In a blog post, Microsoft confirmed that Nobelium, in a fresh wave of attacks, is targeting "resellers and other technology service providers" of cloud services. Microsoft described the activity as part of a broader campaign that ran over the summer and said it had notified 609 customers between July 1 and October 19 that they had been attacked.
Microsoft told The New York Times, which first reported the campaign, that only a small number of the attempts in this wave succeeded. A senior U.S. cybersecurity official confirmed the activity, calling it "unsophisticated, run-of-the-mill operations that could have been prevented if the cloud service providers had implemented baseline cybersecurity practices."
The techniques used in this campaign are password spraying and phishing to steal credentials, which the actor then uses to gain unauthorized access for information theft and espionage. The focus on resellers and service providers is what makes the campaign a supply-chain problem: a single compromised provider can give the actor a path into many downstream customers. It also points to long-term planning by Russian state-sponsored groups, aimed at gaining a surveillance advantage over the U.S. and a store of information the Russian government can exploit now or in the future.
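Password spraying leaves a characteristic pattern in identity-provider sign-in logs: one source address, many distinct accounts, only one or two failed attempts per account, followed by a success for one of the sprayed accounts. The following detection logic is an added example written for this advisory, not code from Microsoft, Rewterz, or the Nobelium reports; the sign-in records, account names, and IP addresses are constructed for illustration, and the thresholds (30-minute window, 5 accounts, at most 2 attempts each) are assumed starting points to tune against your own baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records for illustration only (not real log data).
# Each record holds the minimum a cloud identity provider's sign-in log
# gives you: timestamp, target account, source IP, and the auth result.
SAMPLE_EVENTS = [
    # Spray from 203.0.113.7: one guess per account, across many accounts.
    {"ts": "2021-10-18T09:00:01", "user": "alice@reseller.example", "ip": "203.0.113.7", "result": "failure"},
    {"ts": "2021-10-18T09:00:04", "user": "bob@reseller.example",   "ip": "203.0.113.7", "result": "failure"},
    {"ts": "2021-10-18T09:00:09", "user": "carol@reseller.example", "ip": "203.0.113.7", "result": "failure"},
    {"ts": "2021-10-18T09:00:15", "user": "dave@reseller.example",  "ip": "203.0.113.7", "result": "failure"},
    {"ts": "2021-10-18T09:00:21", "user": "erin@reseller.example",  "ip": "203.0.113.7", "result": "failure"},
    {"ts": "2021-10-18T09:00:27", "user": "frank@reseller.example", "ip": "203.0.113.7", "result": "failure"},
    {"ts": "2021-10-18T09:00:33", "user": "grace@reseller.example", "ip": "203.0.113.7", "result": "failure"},
    {"ts": "2021-10-18T09:00:40", "user": "heidi@reseller.example", "ip": "203.0.113.7", "result": "failure"},
    # The guess that worked: a sprayed account later authenticates from the spray IP.
    {"ts": "2021-10-18T09:12:02", "user": "carol@reseller.example", "ip": "203.0.113.7", "result": "success"},
    # Single-account brute force from 198.51.100.9: noisy, but not a spray.
    {"ts": "2021-10-18T09:01:00", "user": "bob@reseller.example", "ip": "198.51.100.9", "result": "failure"},
    {"ts": "2021-10-18T09:01:05", "user": "bob@reseller.example", "ip": "198.51.100.9", "result": "failure"},
    {"ts": "2021-10-18T09:01:10", "user": "bob@reseller.example", "ip": "198.51.100.9", "result": "failure"},
    {"ts": "2021-10-18T09:01:15", "user": "bob@reseller.example", "ip": "198.51.100.9", "result": "failure"},
    {"ts": "2021-10-18T09:01:20", "user": "bob@reseller.example", "ip": "198.51.100.9", "result": "failure"},
    {"ts": "2021-10-18T09:01:25", "user": "bob@reseller.example", "ip": "198.51.100.9", "result": "failure"},
    # An ordinary typo from a user's own workstation, then a success.
    {"ts": "2021-10-18T09:05:00", "user": "alice@reseller.example", "ip": "192.0.2.44", "result": "failure"},
    {"ts": "2021-10-18T09:05:10", "user": "alice@reseller.example", "ip": "192.0.2.44", "result": "success"},
]


def parse_ts(value):
    """Parse the ISO-8601 timestamps used in the constructed records."""
    return datetime.fromisoformat(value)


def detect_password_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return one finding per source IP whose failed sign-ins inside any
    `window` touch at least `min_users` distinct accounts with no single
    account tried more than `max_per_user` times (many accounts, few
    guesses each). A later successful sign-in from the same IP for one of
    the sprayed accounts is reported as a likely compromise, which is the
    event that should page someone."""
    events = sorted(events, key=lambda e: parse_ts(e["ts"]))
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["result"] == "failure"]
        sprayed = None
        # Slide a window starting at each failure; stop at the first window
        # that matches the spray shape.
        for i, first in enumerate(failures):
            deadline = parse_ts(first["ts"]) + window
            attempts = defaultdict(int)
            for e in failures[i:]:
                if parse_ts(e["ts"]) > deadline:
                    break
                attempts[e["user"]] += 1
            if len(attempts) >= min_users and max(attempts.values()) <= max_per_user:
                sprayed = {"first_seen": first["ts"], "users": sorted(attempts)}
                break
        if sprayed is None:
            continue
        # Any success for a sprayed account from the same IP after the spray
        # began is the signal that a guess landed.
        compromised = sorted({
            e["user"] for e in evs
            if e["result"] == "success"
            and e["user"] in sprayed["users"]
            and parse_ts(e["ts"]) >= parse_ts(sprayed["first_seen"])
        })
        findings.append({
            "ip": ip,
            "first_seen": sprayed["first_seen"],
            "distinct_users": len(sprayed["users"]),
            "likely_compromised": compromised,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_password_spray(SAMPLE_EVENTS):
        print(finding)
```

Run as-is it reports a single finding for 203.0.113.7 covering eight accounts with carol@reseller.example as likely compromised; the six failures against bob from 198.51.100.9 are deliberately not reported, because a per-account failure count catches that case on its own and a spray detector that fires on it will drown in noise. In production the source IP is a weak key on its own, since sprays are routinely spread across proxy pools; keying the same logic on user-agent or autonomous system, or on the set of accounts, is the usual next step.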
Impact
- Unauthorized access
- Exposure of sensitive data
- Information theft and espionage
Remediation
Microsoft has released technical guidance for service providers and their downstream customers to help organizations protect themselves against the latest Nobelium activity. Given the techniques in use, the baseline practices that matter most are enforcing multi-factor authentication on every account, reviewing and removing delegated administrative access that is no longer needed, and monitoring sign-in logs for password-spray patterns and for successful sign-ins from addresses previously seen spraying.