Microsoft has announced details of a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components.
On May 25, 2021, NOBELIUM used Constant Contact (a legitimate mass-mailing service) to distribute malicious URLs as part of a phishing attack.
Administrators are urged to use the resources below to understand the risks, apply mitigations, and scan for indicators of compromise (IOCs).
Read the full details here:
Microsoft Blog: New sophisticated email-based attack from NOBELIUM
Microsoft Blog: Another Nobelium Cyberattack
Microsoft Blog: Breaking down NOBELIUM’s latest early-stage toolset