Russia-backed group unleashes new cyber-attack on human rights bodies, govt agencies: Microsoft

Russian cyber attack
Microsoft refers to the attackers as Nobelium

Russian threat actor Nobelium has launched cyber-attacks targeting organizations involved in international development, humanitarian and human rights work. Earlier in 2020, Nobelium was also involved in the attacks on SolarWinds customers.

What’s happening: According to Microsoft Threat Intelligence Center (MSTIC), Nobelium (attackers) is targeting government agencies, think tanks, consultants, and non-governmental organizations mainly in the United States (US). Other than the US, the actor has targeted at least 24 other countries. Just like before, this time the target of the cyber attack was largely government agencies involved in foreign policy as part of intelligence gathering efforts. Also Read: Amazon acquires MGM for whopping $8.45 billion to bolster its Prime membership offering

  • The malicious email campaign operated by Nobelium escalated on May 25, 2021, as it leveraged the valid mass-mailing service, Constant Contact, to masquerade as a US-based development organization (USAID) and allocated malicious URLs to several organizations and industry verticals.

Operating method: Nobelium tries to compromise systems through an HTML file attached to a spear-phishing email. When opened by the targeted user, a JavaScript within the HTML writes an ISO file to disc and encouraged the target to open it, resulting in the ISO file being mounted much like an external or network drive. From here, a shortcut file (LNK) would execute an accompanying DLL, which would result in Cobalt Strike Beacon executing on the system. Also Read: Microsoft mitigates outage with Microsoft 365 services and features

What does it all mean: It’s a new form of warfare. Cyber attacks are now the tool for countries to fulfill their political objectives. These new attacks by Nobelium focused on human rights and humanitarian organizations. 

What do can we do: Countries need to formulate clear rules governing nation-state conduct in cyberspace. They also must outline clear expectations of the consequences for violation of the cyber rules.

  • According to Microsoft, countries must rally around progress made by the Paris Call for Trust and Security in Cyberspace
  • Countries must approve the recommendations of the Cybersecurity Tech Accord, and the CyberPeace Institute

Also Read: China to build $3 bn supercomputing centre for space data services

LEAVE A REPLY

Please enter your comment!
Please enter your name here