Microsoft exposes tactics used by major threat actors

by Alexandru Poloboc
News Editor
  • Infamous threat actors that keep targeting organizations and agencies around the world.
  • Microsoft is now shedding light on some of the major hacker groups and their operations.
  • IT service providers were targeted by groups based in China, Russia, North Korea, and Iran.
  • For example, Russia’s Nobelium typically focuses its efforts on software supply chain attacks.

The Redmond-based tech company has recently shed light on some of the more infamous threat actors that have targeted organizations and agencies around the world over the last 12 months.

According to Microsoft, hacking groups based in China, Russia, North Korea, and Iran target IT service providers as a stepping stone: one compromised provider gives access to that provider's downstream customers, a domino effect that can cascade all the way down to individual users.

Nearly 80 percent of these nation-state attacks have been directed at government agencies, think tanks, and non-governmental organizations.

Attacks are mostly targeting government organizations

The tech giant highlighted the Russia-based Nobelium, the China-backed Nickel, North Korea-supported Thallium, and Iran’s Phosphorus as the most active groups attacking the global government sector.

Specifically, the government entities singled out are those actively involved in international affairs.

While actors from these nations often go after similar targets and use similar techniques, each nation and group has its own style.

For example, Russia’s Nobelium typically focuses its efforts on software supply chain attacks.

The clearest example is the SolarWinds compromise, in which a trojanized update to SolarWinds' own software turned a trusted vendor update channel into the delivery vector. John Lambert, vice president of the Microsoft Threat Intelligence Center, said the operation compromised 100 organizations.

Microsoft also recently flagged Nobelium as a threat to cloud service providers and resellers, after the group used password spray and phishing attacks against third-party providers to stage future intrusions into those providers' customers.

In addition to Nickel, China's Hafnium was prominent during the first quarter of 2021, when it attacked on-premises versions of Microsoft Exchange Server.

Hafnium operates primarily from leased virtual private servers in the United States and targets entities across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.
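The password spray activity attributed to Nobelium above is a low-and-slow pattern that per-account lockout counters never see: one source tries a single common password against many accounts, each only once or twice. As an added example, not from Microsoft's report or from this article, here is a small detector that runs over a constructed sign-in log. The log format, IP addresses, account names and thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data). Format per line:
#   <ISO-8601 timestamp> <source IP> <account> <SUCCESS|FAILURE>
# 203.0.113.7 sprays one guess across many accounts and lands on grace;
# 198.51.100.5 is a user mistyping their own password, which must NOT be flagged.
SAMPLE_LOG = """\
2021-10-21T09:00:01Z 203.0.113.7 alice@example.com FAILURE
2021-10-21T09:03:12Z 203.0.113.7 bob@example.com FAILURE
2021-10-21T09:06:40Z 203.0.113.7 carol@example.com FAILURE
2021-10-21T09:10:05Z 203.0.113.7 dave@example.com FAILURE
2021-10-21T09:14:22Z 203.0.113.7 erin@example.com FAILURE
2021-10-21T09:18:51Z 203.0.113.7 frank@example.com FAILURE
2021-10-21T09:22:09Z 203.0.113.7 grace@example.com SUCCESS
2021-10-21T09:01:00Z 198.51.100.5 bob@example.com FAILURE
2021-10-21T09:01:20Z 198.51.100.5 bob@example.com FAILURE
2021-10-21T09:01:45Z 198.51.100.5 bob@example.com FAILURE
2021-10-21T09:02:10Z 198.51.100.5 bob@example.com SUCCESS
2021-10-21T11:30:00Z 192.0.2.44 heidi@example.com SUCCESS
"""


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    src_ip: str
    account: str
    success: bool


def parse_line(line: str) -> SignIn:
    """Parse one line of the constructed log format above."""
    ts, ip, account, result = line.split()
    return SignIn(datetime.fromisoformat(ts.replace("Z", "+00:00")),
                  ip, account, result == "SUCCESS")


def detect_password_spray(events, window=timedelta(hours=1),
                          min_accounts=5, max_attempts_per_account=3):
    """Return {source_ip: finding} for sources whose sign-in failures look like a spray.

    A spray is one source failing against many *distinct* accounts within `window`
    while keeping attempts per account low (sprayers stay under lockout thresholds,
    so a per-account failure counter never fires). Any success from the same source
    inside the window is reported as a likely compromised account.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        failures = [e for e in evs if not e.success]
        best = None
        start = 0
        for end in range(len(failures)):
            # slide the window so failures[start:end+1] all fall within `window`
            while failures[end].ts - failures[start].ts > window:
                start += 1
            per_account = defaultdict(int)
            for f in failures[start:end + 1]:
                per_account[f.account] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_attempts_per_account):
                if best is None or len(per_account) > best["accounts_targeted"]:
                    lo, hi = failures[start].ts, failures[end].ts + window
                    best = {
                        "accounts_targeted": len(per_account),
                        "window_start": lo.isoformat(),
                        # successes from the same source during/after the spray
                        "successes": sorted({e.account for e in evs
                                             if e.success and lo <= e.ts <= hi}),
                    }
        if best is not None:
            findings[ip] = best
    return findings


def run_example():
    """Parse the constructed log and return the spray findings."""
    events = [parse_line(line) for line in SAMPLE_LOG.strip().splitlines()]
    return detect_password_spray(events)


if __name__ == "__main__":
    for ip, finding in run_example().items():
        print(f"{ip}: {finding['accounts_targeted']} accounts hit from "
              f"{finding['window_start']}; successes: {finding['successes'] or 'none'}")
```

Only 203.0.113.7 is reported: six distinct accounts with one failure each, followed by a success on an account that never failed, which is exactly the post-spray compromise worth paging on. The user on 198.51.100.5 failing three times on a single account is left alone. The thresholds are illustrative; in a real tenant you would tune the window and account count to the normal failure rate and feed the same logic from the identity provider's sign-in logs rather than a text file.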

Iran-based Rubidium, thought to be responsible for the Pay2Key and N3tw0rm ransomware attacks against Israel, was flagged by Microsoft as a threat actor of particular concern.

Meanwhile, North Korea's actors have gained a reputation for targeting consumer accounts in the hope of gathering diplomatic or geopolitical intelligence.

For example, its state-backed actors Zinc and Cerium were behind attacks against pharmaceutical companies and vaccine researchers.

Lambert and other experts hypothesize that this could have been an attempt to accelerate the country's own vaccine research.

Thallium's usual strategy, large-scale spear-phishing, yielded a low rate of successful compromise, as such attacks are becoming easier to detect and defend against.

Even though experts are doing everything in their power to stop such attacks from becoming more frequent, the numbers are expected to rise.

Remember to do your best to keep your sensitive data safe from malicious third parties. This means no downloading from untrusted sources, no opening suspicious emails, and never handing your credentials to anyone.

Recently there has also been a rise in phishing emails that carry scannable QR codes: the malicious link is hidden in an image, so email link scanners do not see it, and scanning it moves the victim onto a phone that is outside the organization's web filtering. Watch out for those too.