Russian hackers disguised themselves as Americans to hide cyber espionage

The campaign targeted US government departments, non-governmental organizations, and technology firms.

The hacker group Nobelium, which information security experts link to the Russian Federation, tried to disguise its activities using residential proxies: the IP addresses of mobile and home computer networks of ordinary Americans.

This is a new Nobelium campaign (the group is also considered to be the organizer of the sensational cyberattack on the American software manufacturer SolarWinds) aimed at organizations associated with global IT supply chains. According to Microsoft, since May of this year the hackers have attacked more than 140 technology service providers and managed to compromise 14 of them.

In the period from July 1 to October 19 of this year, Microsoft recorded more than 22 thousand Nobelium attacks on 609 of its customers, but most of the attacks were unsuccessful.

According to a Bloomberg source, the campaign targeted American government departments, non-governmental organizations and technology firms.

According to Charles Carmakal, senior vice president of the Mandiant information security company, the hackers used residential IP proxies, that is, IP addresses associated with a specific location that can be purchased over the Internet.

The use of such proxies makes it possible to disguise hacking attempts as traffic originating from American mobile phones or home Internet networks. For example, an attempt by a hacker to penetrate a computer network from the outside will look like a company employee logging in from a mobile phone.

Nobelium and other hacker groups use Bright Data, Oxylabs and IP Burger to obtain residential proxies.

In response to Bloomberg's request to comment on the situation, representatives of Israel-based Bright Data reported that the company carefully checks customers and found no signs of Nobelium using their networks. Lithuanian Oxylabs stated that they are conducting an internal investigation, which currently has not revealed any signs of malicious use of the service.
