One year after the notorious and far-reaching SolarWinds supply-chain attacks, its orchestrators are on the offensive again. Researchers said they’ve seen the threat group – which Microsoft refers to as “Nobelium” and which is linked to Russia’s spy agency – compromising global business and government targets with novel tactics and custom malware, stealing data and moving laterally across networks.
Researchers from Mandiant have identified two distinct clusters of activity that can be “plausibly” attributed to the threat group, which they track as UNC2452, they said in a report published Monday.
