How Microsoft partners should prepare for Nobelium attacks
Microsoft has released new guidance for partners to prepare for attacks by the threat actor known as Nobelium, which was behind the SolarWinds hack in 2020. Microsoft Threat Intelligence Center has recorded attempted exploits by Nobelium, which usually follows a compromise-one-to-compromise-many strategy.
Commonly, Nobelium targets privileged accounts at service providers in order to move laterally. To accomplish this, it relies on password sprays, advanced malware, token theft, API abuse, supply chain attacks, and spear phishing. The Microsoft blog post explained:
In the observed supply chain attacks, downstream customers of service providers and other organizations are also being targeted by Nobelium. In these provider/customer relationships, a customer delegates administrative rights to the provider to allow the provider to manage the customer’s tenants as if they were an administrator within the customer’s organization. By stealing credentials and compromising accounts at the service provider level, Nobelium can take advantage of several potential vectors, including but not limited to delegated administrative privileges (DAP), and then leverage that access to extend downstream attacks through trusted channels like externally facing VPNs or unique provider-customer solutions that enable network access.
How can Microsoft's partners prepare?