Skip to main content

How Microsoft partners should prepare for Nobelium attacks

by Eamon McCarthy Earls
Assistant Editor,
October 25 2021

Microsoft has released new guidance for partners to prepare for attacks by the threat attacker known as Nobelium that was behind the SolarWinds hack in 2020. Microsoft Threat Intelligence Center has recorded attempted exploits by Nobelium, which usually follows a compromise-one to compromise-many strategy.

Commonly, Nobelium targets privileged accounts with service providers to move laterally. To accomplish this it relies on password sprays, advanced malware, token theft, API abuse, supply chain attacks, and spear phishing. The Microsoft blog post explained:

In the observed supply chain attacks, downstream customers of service providers and other organizations are also being targeted by Nobelium. In these provider/customer relationships, a customer delegates administrative rights to the provider to allow the provider to manage the customer’s tenants as if they were an administrator within the customer’s organization. By stealing credentials and compromising accounts at the service provider level, Nobelium can take advantage of several potential vectors, including but not limited to delegated administrative privileges (DAP), and then leverage that access to extend downstream attacks through trusted channels like externally facing VPNs or unique provider-customer solutions that enable network access.

How can Microsoft's partners prepare?

FREE Membership Required to View Full Content:

Joining gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
Learn more about us here

About Eamon McCarthy Earls

As the assistant editor at and, Eamon helps to oversee editorial content on the site and supports site management and strategy. He can be reached at

Before joining, Eamon was editor for at TechTarget, where he covered networking technology, IoT, and cybersecurity. He is also the author of multiple books and previously contributed to publications such as the Boston Globe, Milford Daily News, and DefenceWeb.