NOBELIUM BEHIND RANSOMWARE

Microsoft Security has identified a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating significant experimentation.

Attacks on corporations and government agencies is ongoing. Recall that CD Project Red was attacked by ransomware,

On May 25, 2021, the campaign escalated as NOBELIUM leveraged the legitimate mass-mailing service, Constant Contact, to masquerade as a US-based development organization and distribute malicious URLs to a wide variety of organizations and industry verticals.

The studio has seen its fair share of booby trapped emails. EXE and PDF attachments are common. Windows 10 version 21H1 is hardened against most malware but some safety tips are necessary. Beware of attachments from unknown domains.