The cybercriminal group behind the notorious SolarWinds attack is at it again with a sophisticated mass email campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious activities.
Microsoft Threat Intelligence Center (MSTIC) began tracking this latest campaign of Nobelium (previously known as Solarigate) in late January when it was in the reconnaissance stage, and observed as it “evolved over a series of waves demonstrating significant experimentation,” according to a blog post by the Microsoft 365 Defender Threat Intelligence Team.
