SolarWinds actors are scoping out hub companies to go after prized targets
November 21, 2021
The Russian APT group known as Cozy Bear doesn’t hibernate for long, and in late October Microsoft warned that the nation-state actor was trying to replicate the success of its SolarWinds supply chain attack — this time by compromising IT resellers and tech/cloud service providers and then impersonating them in order to target their customers.
On the heels of that report, researchers from Israeli cyber assessment and optimization firm CYE released their own findings, which show that Cozy Bear — aka Nobelium or APT29 — is not putting all its eggs in one basket. CYE reported what it claims is previously unreported Nobelium activity involving a previously unknown command-and-control (C2) malware, along with new tactics, techniques and procedures (TTPs) and indicators of compromise (IOCs).