Microsoft has recently issued a warning regarding the Russian-backed group known as Nobelium. The group is currently engaged in a phishing campaign after having gained control over the Constant Contact account used by USAID. Constant Contact is an email marketing platform.
Through control of this account, Nobelium has been able to target 3,000 accounts. These accounts belong to non-governmental organizations and, more alarmingly, to government think tanks, consultants, and agencies.
Microsoft has stated that while organizations within the United States bore the brunt of the attacks, Nobelium went after victims in at least 24 countries. A quarter or more of the targeted organizations are connected to or involved in human rights work, humanitarian work, and international development.
In the past, the Russian-based Nobelium has gone after non-governmental organizations, think tanks, government organizations, IT service providers, telecommunication providers, the military, and health technology and research organizations.
In this latest attack, Nobelium’s intended victims consist of approximately 3,000 individual accounts spread across some 150 organizations. Nobelium has followed a pattern it is known for: using unique infrastructure and configuration for each individual target.
This method increases the group’s ability to operate undetected for extended periods of time. The pattern and appearance of the attacks suggest a continuation of Nobelium’s many prior campaigns against government agencies connected to foreign policy, which are in turn associated with intelligence-gathering projects.
“The campaign highlighted by Microsoft is another example of how targeted phishing campaigns still constitute a serious threat against institutions of any kind,” said Stefano De Blasi, a threat researcher at the digital risk protection solutions provider Digital Shadows, which is based in San Francisco.
Stefano went on to say, “Their ability to elicit strong emotional responses from the email recipients is a crucial factor accounting for their success, and simultaneously, makes them very hard to defend against.”
Dirk Schrader, Global Vice President of Security Research at the cybersecurity and compliance software provider New Net Technologies, said, “Prevention is rather difficult when a company is at the receiving end of such a malicious campaign using trusted but compromised accounts.”
De Blasi added, “Protecting against phishing campaigns requires a two-fold approach. From a human perspective, it is fundamental that institutions maintain cyclical awareness training with their employees to ensure that some best practices are enforced across the organization. On top of this, it’s essential to keep endpoint protection adequately updated to have an additional defensive layer that catches the occasional miss by security tools at the network or email layers.”