Jun 25, 2021 - Technology

Microsoft sees targeted attacks from Russia-based group

Microsoft
Photo: Chesnot / Getty Images

Microsoft said Friday it has seen new attacks from the Russia-based group responsible for the attacks last winter on SolarWinds customers.

Driving the news: The company indicated the activity was targeted at specific customers including IT companies, government agencies, non-governmental organizations and think tanks, and financial services.

  • Microsoft refers to the attackers as Nobelium, and said the activity involved password spray and brute-force attacks.
  • The company detected information-stealing malware on a machine that belonged one of its workers with access to basic account information for a "small number" of its customers, and the attacker used the information to launch "highly targeted attacks" as part of a broader campaign. Microsoft says it has secured the device.
  • It added that it's aware of three "compromised entities," but the majority of targets were not successfully compromised. All customers that were targeted were notified.

What they're saying: A U.S. government official told Axios that Microsoft has seen limited impact, and that it appears to be "largely unsuccessful run of the mill espionage."

Flashback: Nobelium recently targeted human rights and international aid groups.

Editor's note: This story has been updated to include information from a U.S. government official.

Go deeper