The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organisations that have been granted administrative or privileged access by other organisations. The targeted activity has been observed against organisations based in the United States and across Europe since May 2021. MSTIC assesses that NOBELIUM has launched a campaign against these organisations to exploit existing technical trust relationships between the provider organisations and the governments, think tanks, and other companies they serve. NOBELIUM is the same actor behind the SolarWinds compromise in 2020, and this latest activity shares the hallmarks of the actor’s compromise-one-to-compromise-many approach. Microsoft has notified known victims of these activities through our nation-state notification process and worked with them and other industry partners to expand our investigation, resulting in new insights and disruption of the threat actor throughout stages of this campaign. Netfocus IT Solutions follow the protection and mitigation guidelines issued by Microsoft to protect Office 365, Azure and Dynamics cloud platforms.
