How Microsoft partners should prepare for Nobelium attacks

October 25 2021

Microsoft has released new guidance to help partners prepare for attacks by the threat actor known as Nobelium, the group behind the SolarWinds hack in 2020. The Microsoft Threat Intelligence Center has recorded attempted exploits by Nobelium, which usually follows a compromise-one-to-compromise-many strategy.

Nobelium commonly targets privileged accounts at service providers and uses them to move laterally. To gain that access it relies on password sprays, advanced malware, token theft, API abuse, supply chain attacks, and spear phishing. The Microsoft blog post explained:

In the observed supply chain attacks, downstream customers of service providers and other organizations are also being targeted by Nobelium. In these provider/customer relationships, a customer delegates administrative rights to the provider to allow the provider to manage the customer’s tenants as if they were an administrator within the customer’s organization. By stealing credentials and compromising accounts at the service provider level, Nobelium can take advantage of several potential vectors, including but not limited to delegated administrative privileges (DAP), and then leverage that access to extend downstream attacks through trusted channels like externally facing VPNs or unique provider-customer solutions that enable network access.

How can Microsoft's partners prepare?

About Eamon McCarthy Earls

As the assistant editor at MSDynamicsWorld.com and MSCloudNews.com, Eamon helps to oversee editorial content on the site and supports site management and strategy. He can be reached at eearls@msdynamicsworld.com.

Before joining MSDynamicsWorld.com, Eamon was editor for SearchNetworking.com at TechTarget, where he covered networking technology, IoT, and cybersecurity. He is also the author of multiple books and previously contributed to publications such as the Boston Globe, Milford Daily News, and DefenceWeb.
