SolarWinds Attackers Spotted Using New Tactics, Malware
Arthur T Knackerbracket has processed the following story:
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.
One year after the notorious and far-reaching SolarWinds supply-chain attacks, its orchestrators are on the offensive again. Researchers said they've seen the threat group - which Microsoft refers to as "Nobelium" and which is linked to Russia's spy agency - compromising global business and government targets with novel tactics and custom malware, stealing data and moving laterally across networks.
Researchers from Mandiant have identified two distinct clusters of activity that can be "plausibly" attributed to the threat group, which they track as UNC2452, they said in a report published Monday.
Mandiant has tracked the latest activity as UNC3004 and UNC2652 since last year and throughout 2021, observing the compromise of a range of companies that provide technology solutions, cloud and other services as well as resellers, they said.