{"id":97806,"date":"2021-09-28T13:00:28","date_gmt":"2021-09-28T20:00:28","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=97806"},"modified":"2023-05-15T23:03:13","modified_gmt":"2023-05-16T06:03:13","slug":"how-nation-state-attackers-like-nobelium-are-changing-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/09\/28\/how-nation-state-attackers-like-nobelium-are-changing-cybersecurity\/","title":{"rendered":"How nation-state attackers like NOBELIUM are changing cybersecurity"},"content":{"rendered":"

This is the first post in a four-part series on the NOBELIUM nation-state cyberattack. Microsoft started telling the industry about this extremely advanced cyberattack in December 2020. The NOBELIUM blog series—which mirrors Microsoft’s four-part video series “Decoding NOBELIUM”—will pull the curtain back on the world of threat detection and showcase insights from cybersecurity professionals on the front lines, both Microsoft defenders and other industry experts.

In many ways, the NOBELIUM nation-state cyberattack realized the deepest fears of United States cybersecurity experts, according to Microsoft 365 Security Corporate Vice President Rob Lefferts. It was a supply chain attack. It was methodically planned and executed. And it impacted multiple world-class companies with strong security teams. Perhaps your company was one of them—or perhaps you know someone who works at a company that was affected. As we begin Cybersecurity Awareness Month in October, the far-reaching nature of such attacks is ever-present in our minds, which is one reason why more than 3,500 Microsoft security experts actively defend and protect organizations from cyberattacks every day.

Nation-state attacks are malicious cyberattacks that originate from a particular country and are an attempt to further that country’s interests. Numerous organizations were impacted by the NOBELIUM attacks. Such attacks are fueled by geopolitical competition and a desire to gain an advantage over other nations, such as by stealing intellectual property for economic benefit or supporting traditional espionage.

In December 2020, Microsoft began sharing information with the cybersecurity industry on what would become widely recognized as the most sophisticated nation-state cyberattack in history. NOBELIUM, a group of Russia-based hackers, gained access to multiple enterprises through vulnerable software code, stolen passwords, compromised on-premises servers, and minted SAML tokens.

In this supply chain attack, hackers were able to access the SolarWinds code, slip malicious code into a piece of the software, and use the vendor’s legitimate software updates to spread their malware to customer systems. Successful attacks gave NOBELIUM hackers high-level permissions on the downstream compromised systems.

Why should enterprises worry about nation-state attacks?

Historically, nation-state actors directly targeted infrastructure, think tanks, and governments of other countries. However, as organizations improve their defenses, sophisticated actors look for new ways to gain access to their targets through the vendors, software, and networks they rely upon. Enterprises are also increasingly at risk of attacks as nation-state actors expand their objectives to pursue intellectual property theft. As a result, enterprises are often targeted by nation-state actors attacking the networks of their customers, partners, or vendors through their own network or software. The Microsoft Threat Intelligence Center, which collects billions of data points to gather threat intelligence, has observed that enterprises are increasingly at risk of these attacks.

Consider these statistics, which show the magnitude of the security threat from nation-state attacks: