back to article SolarWinds attacker on the move: Russia's Nobelium crew has trebled attacks targeting MSPs, cloud resellers, says Microsoft

Russia's Nobelium group – fingered as being a Russian state actor by both the United States and Britain – has massively ramped up phishing and password spraying attempts against managed service providers (MSPs) and cloud resellers, Microsoft's security arm has warned. The Windows maker said the group's targeted attacks against …

  1. Zippy´s Sausage Factory
    Black Helicopters

    Kaspersky going against the Russian government?

    If I worked for that company I'd be very careful how close I get to open windows in the future...

  2. Pascal Monett Silver badge

    "Hostile countries' threat actors"

    This is sabotage and nothing less than an act of war.

    I'm thinking Tom Clancy could have whipped up a scenario where such actors were terminated with extreme prejudice à la Rainbow Six.

  3. Neil Barnes Silver badge

    the best guide to country's government's intentions being its actions rather than words.

    The casual observer might carelessly conclude that you think the Russians are behind all this...

    1. Anonymous Coward
      Anonymous Coward

      Re: the best guide to country's government's intentions being its actions rather than words.

      Neil Barnes,

      "The casual observer might carelessly conclude that you think the Russians are behind all this..."

      And the casual observer would be 100% right !!! :)

      Could you believe any such actions would be allowed in Putins Russia ???

      The only way they could be continuing is that Putin and his friends are 'allowing' it to continue ..... because it is in fact 'Putin and his friends' who are behind it !!!

      It serves 2 useful aims:

      1: It annoys the west and causes a lot of useful wasting of time & resources.

      2: It obtains a 'small' amount of 'Pin money' that can help grease palms around the world to facilitate chasing so called enemies and accidentally pushing them in front of trains etc. As per SOP.

  4. Anonymous Coward
    Megaphone

    And in tonight's RT news

    Bears do not shit in the woods

    The Pope is not Catholic

    Russia does not conduct offensive operations in the cyber domain

    1. KalaDude

      Re: And in tonight's RT news

      The pope is not catholic: https://www.youtube.com/watch?app=desktop&v=RMf4OtC7SXY&feature=emb_logo

      1. druck Silver badge

        Re: And in tonight's RT news

        I think that is saying the head of the catholic church is not called the pope, not that the pope isn't catholic.

  5. Chris Stephens

    I guess its good they don't know about this newly identified issue at all DOCSIS cable co's. It starts with discussions and then a MSO insider lets loose about the "maintence network connects EVERY device on the DOCSIS network and has no security. Its like a 16 million port switch tied to the LAN side. Modems are handing with SAMBA access... FIrmware is security from the 1990s'. All DOCSIS networks worldwide are WIDE OPEN to attack.. So now we just wait for a MSO to have all its CPE taken over and ransomware is called into action with 16 million set top box computers fully taken over by a worm in a hour and now scraping the clients networks for data and attacking the MSO. https://www.dslreports.com/forum/r31122204-SB6190-Puma6-TCP-UDP-Network-Latency-Issue-Discussion~start=9780

    1. chuBb. Silver badge

      Are you surprised? If a high turnover min wage call centre operative can perform a remote reset/reconfig then yeah the maintenance network will be wide open.

      Just about all firmware sucks at security, and I'm pretty sure there was a bot net arround the time of stuxnet hitting the news that mainly comprised set top boxes and modems and spread by sftp (might have been ftp or samba) ...

      It's the main reason I will always provide my own terminating hardware and not do anything but recycle what ever crap the isp sends out. That and you can leap frog to 2nd line support when they can't follow any of the script, failing that you need to get them to try and guess which layer of the osi model we are talking about then inform them they are not qualified to accept your answer and to escalate it...

  6. Anonymous Coward
    Anonymous Coward

    Coming into DC

    Rainy night driving back to DC from NYC NPR had a short, interesting report with segments from Fireeyes and others on this. My wife was stuck (LOL) listening to me explaining this. So there’s that.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021