News & Events

Nobelium Threat Campaign Persists

New York, 10/28/2021

For immediate release.

Generic Network Systems continues to monitor the activities of the attacker known as Nobelium. In a recent warning issued by Microsoft on October 24th, they describe the ongoing threat activity of the Russian nation-state group who are purportedly trying to mimic the approach that allowed them to gain access to Federal government systems. GNS continues to take proactive measures in ensuring the protection of our infrastructure and that of our clients.

Microsoft has issued security requirements for its cloud service provider partners to help defend against these attacks, which GNS adheres to, including the use of multi-factor authentication and conditional access policies; the adoption of Microsoft's Secure Application Model Framework, used for authenticating cloud solution provider partners; and the auditing of security operations.

Assessing the additional guidance released by Microsoft for partners on how to protect against potential intrusions, the indication is that the most common techniques Nobelium is applying are phishing attempts and password spray attempts. In combating these threats for our Azure and MS365 tenants, GNS makes use of Microsoft Active Threat Protection, which alerts our organization to any suspicious logins or activity. GNS also applies only limited to no user global administrative privileges, but are working with clientele where we feel greater restrictions should be applied. And while MFA is enforced on the majority of global admin accounts, we are working to ensure this is applied to all clientele. Of most importance, GNS also recommends that all clientele implement greater Security Awareness training to ensure the risk of compromise to their organization is reduced to as low as possible.

This press release was published on 10.28.2021. For more information, please contact compliance@gnetsys.net.