A recent hacking attempt by "state-sponsored actors" against several of Microsoft's customers was mostly unsuccessful earlier this week. Security experts at Microsoft Threat Intelligence Center (MSTIC) have reported that threat actor Nobelium used an information-stealing malware on the computer of a customer support agent in an attempt to launch a series of "highly-targeted" attacks.
Reuters claims that Microsoft did not announce the breach until after it approached the software giant about a note they had sent out to affected customers. "This recent activity was mostly unsuccessful," the MSTIC shared in a blog post. "The majority of targets were not successfully compromised - we are aware of three compromised entities to date."
The Nobelium group, thought to be operating out of Russia, is hardly new. In fact, they are believed to be the entity behind the infamous SolarWinds supply chain attack that occurred earlier this year. An unnamed official at the White House, interviewed by Reuters, claimed that this latest campaign appeared far less serious than the SolarWinds attack.
Described as "run of the mill espionage" by the MSTIC, this recent attack targeted customers in three dozen countries. Forty-five percent of the targets were in the United States, while smaller numbers were located in the United Kingdom, Germany, and Canada. The majority of the targets were IT companies, followed by a smaller percentage of government entities, financial services, and think tanks.
This threat appears to be quelled and dealt with, but cyber-security is a constantly evolving fight that seems like it will never end. As long as the Internet remains, people on both sides will evolve and innovate, trying to create the best offenses and defenses to overcome one another.
Reading about this cyber attack sent me down a rabbit hole. I researched the SolarWinds attack (I vaguely recall hearing something about it back in February but I admittedly didn't pay much attention), and then I started to look into my own security and where it might be lacking.
What anti-hacking/piracy measures do you take to protect your PC? I'd love to hear any and all ideas so that I can apply them for myself!