Microsoft Issues Update On Brute Force And Password Spraying Activity
By: Jim Stickley and Tina Davis
June 27, 2021
Microsoft recently issued an update on malicious cyber campaigns. On Friday, June 25th, Microsoft revealed that it had identified new activity from an Advanced Persistent Threat (APT), known as NOBELIUM, targeting organizations globally. Fortunately, per the Microsoft Threat Intelligence Center, the activity was mostly unsuccessful, though three were successful.
The update stated that specific customers were targeted. These primarily included IT companies (57%) and government organizations (20%). However, there were smaller percentages for non-governmental organizations and think tanks, as well as financial services. The activity was largely focused on U.S. interests at around 45%, with the UK coming next at 10%. There were instances in Germany and Canada, though with smaller numbers. Thirty-six countries were targeted overall.
Microsoft also detected information-stealing malware on a machine belonging to a customer support agent who had access to basic account information for some customers, though only a small number. The information was used in some cases to launch highly targeted attacks, believed to be part of a broader campaign.
The investigation into what happened is continuing. Microsoft did notify affected customers via its nation-state notification service. All of these organizations are urged to familiarize themselves with mitigating phishing attacks, how to implement two-factor/multi-factor authentication, and how to choose, configure, and use devices securely. In addition, ongoing cyber security awareness training and education are strongly encouraged.