Jun 25, 2021 - Technology
Microsoft sees targeted attacks from Russia-based group
Microsoft said Friday it has seen new attacks from the Russia-based group responsible for the attacks last winter on SolarWinds customers.
Driving the news: The company indicated the activity was targeted at specific customers including IT companies, government agencies, non-governmental organizations and think tanks, and financial services.
- Microsoft refers to the attackers as Nobelium, and said the activity involved password spray and brute-force attacks.
- The company detected information-stealing malware on a machine that belonged one of its workers with access to basic account information for a "small number" of its customers, and the attacker used the information to launch "highly targeted attacks" as part of a broader campaign. Microsoft says it has secured the device.
- It added that it's aware of three "compromised entities," but the majority of targets were not successfully compromised. All customers that were targeted were notified.
What they're saying: A U.S. government official told Axios that Microsoft has seen limited impact, and that it appears to be "largely unsuccessful run of the mill espionage."
Flashback: Nobelium recently targeted human rights and international aid groups.
Editor's note: This story has been updated to include information from a U.S. government official.