Jun 25, 2021 - Technology

Microsoft sees targeted attacks from Russia-based group

Margaret Harding McGill

Microsoft said Friday it has seen new attacks from the Russia-based group responsible for the attacks last winter on SolarWinds customers.

Driving the news: The company indicated the activity was targeted at specific customers including IT companies, government agencies, non-governmental organizations and think tanks, and financial services.

Microsoft refers to the attackers as Nobelium, and said the activity involved password spray and brute-force attacks.
The company detected information-stealing malware on a machine that belonged one of its workers with access to basic account information for a "small number" of its customers, and the attacker used the information to launch "highly targeted attacks" as part of a broader campaign. Microsoft says it has secured the device.
It added that it's aware of three "compromised entities," but the majority of targets were not successfully compromised. All customers that were targeted were notified.

What they're saying: A U.S. government official told Axios that Microsoft has seen limited impact, and that it appears to be "largely unsuccessful run of the mill espionage."

Flashback: Nobelium recently targeted human rights and international aid groups.

Editor's note: This story has been updated to include information from a U.S. government official.

Add Axios on Google

Microsoft sees targeted attacks from Russia-based group

What to read next