Supply Chain Attacks
In 2021, we continue to see an increasing number of cyber attacks on companies, organizations and authorities, which make media headlines on an almost weekly basis. These are mainly ransomware attacks on economically critical sectors, such as the recent attacks on the pipeline operator Colonial Pipeline in the USA or the food company JBS, which had to pay millions of dollars in ransom to free its systems from the stranglehold of criminals. What is striking is that the attacks are often due to groups with ties to Russia.
SentinelLabs security researchers recently looked at one such threat actor: APT-29, also known as “Nobelium”. The research group tracks the threat actor associated with Russia and its current activities under the name “NobleBaron”. The researchers' work shows how the hackers' tactics and techniques have evolved over the last 2-3 years to make attacks even more devastating and to make the criminal machinations harder to discover. New attack methods, such as the use of a “DLL stageless” downloader, are now an integral part of the current attack campaign, which has a convoluted multi-level chain of infection that is five to six levels deep.
Morgan Wright, Senior Security Advisor at SentinelOne
“Attackers in cyberspace continue to look for vulnerabilities and overlooked access vectors (e.g. contact management software) to once again compromise accounts and operate seemingly with impunity from countries that tacitly allow these criminal activities. Recently, another group apparently linked to Russia has launched an attack on an essential sector of the economy. Hardly anything is as central to a country as supplying its citizens with electricity, water and food,” says Morgan Wright, Senior Security Advisor at SentinelOne.
“Russia continues to aggressively use its intelligence services (such as the SVR and GRU) to target humanitarian organizations, government agencies, and other organizations and individuals who provide services or hold political positions deemed contrary to Russian interests. The attack on JBS is a direct threat to the security of sovereign nations. To protect against ransomware and other threats, government agencies, organizations, and companies alike must invest in cybersecurity and protect their networks and systems.”