As of 02/06/2021
Nobelium, the cyber threat group that was responsible for the SolarWinds attacks last year, has made the headlines again. This time it has come up with a spear phishing campaign.
The group targeted approximately 3,000 accounts linked to 150 think tanks, government organisations and non-government organisations. All received an email that included a reply option to a compromised USAID.gov mail ID. People thought this message was from the US Agency for International Development.
Clicking on this email would direct the victim to download malware from TheYardService.com. The attackers then downloaded the Cobalt Strike tool onto the victim’s device, which gave them a persistent presence. The tool was receiving communications from TheYardService.com and WorldHomeOutlet.com. Both domain names have since been seized by the US Department of Justice.
Nobelium is a Russian hacker group that primarily targets think tanks, government and non-government organisations, humanitarian groups and the military. The recent attack came into public view after Microsoft posted a blog about it.