Categories: News

The Russian Nobelium group comes back with phishing

The Russian hackers in the Nobelium group, who were behind the SolarWinds attack are back with a phishing attack. They struck again, according to Tom Burt, Microsoft vice president.

Nobelium sent phishing emails

In his post, Burt mentioned that hackers managed to gain access to the “Constant Contact” email marketing service. The United StatesAgency for International Development (USAID) operates this service.

Once they gained access, the group sent phishing emails infused with malware. Thus, hackers installed the NativeZone backdoor. This managed to exfiltrate data and spread the malware across the networks.

Although the attack is global, most of its victims were in the US. The attack affected more than 3,000 accounts from 150 organizations.

Microsoft mentioned that they observed the attack of the hackers behind the attack against SolarWinds in January 2021, with “significant experimentation,” but still little impact. Still, this changed a few days ago, when hackers started using Constant Contact. Simultaneously, they unleashed the phishing attack.

Initially, the hackers made the victims that clicked legit Constant Contact the link bump to an infrastructure they controlled. Then, they started a malicious .iso file, which gave hackers access to the machine.

Dangerous messages went through the filters

According to Microsoft, automated filters managed to catch most of the phishing messages. Still, some made it through and became very dangerous. So, the company advised blocking theyardservice[dot]com, which hackers used for redirection. Also, users should adopt multi-factor authentication.

Security experts mentioned that the new Nobelium attack came just after Joe Biden announced a meeting with Vladimir Putin, next month. The US president accused Russia for exploits such as the Colonial Pipeline ransomware attack. Still, Russia denied its involvement.

Because of the incident, the US Department of Treasury decided sanctions on Russian cyber companies. Moreover, it expelled diplomats from US embassies.

The number of cyber attacks that experts link to Russia increased significantly, during the last few months.

Laurentiu Titei

Recent Posts

How to Fix Minecraft Exit Code 1 in Windows?

Minecraft, a game that needs no introduction. Many of us have grown up creating the…

2 hours ago

How to Update Windows Security Signatures Manually Windows 11/10

Windows Security signatures are digital fingerprints that verify the integrity and authenticity of various software…

1 day ago

Best Free PC Games Download Sites (Latest 2025)

Tired from your studies, office job, or any other hectic task? Then, you can turn…

2 days ago

How to Activate Windows Security on Your Device: Windows 11 and 10

The 2025 Microsoft Vulnerabilities Report stated that the security risks for Windows systems reached a…

2 days ago

Top 14 Best Free Driver Updater Tools for Windows 10 and 11 in 2025

Are you on the lookout for the best free driver updater software? Look no further!…

2 days ago

Best Ad Blocker Software for Windows

Did you know that there are over 912 million ad blocker users worldwide? The statistics…

3 days ago