Justice Department seizes domains used in Nobelium spear-phishing attacks

The U.S. Justice Department has announced the seizure of two domains used in the Nobelium spear-phishing campaign that Microsoft disclosed last week.

After court orders were issued in the Eastern District of Virginia on May 28, the Justice Department seized two domains used for command-and-control (C2) and malware distribution in a spear-phishing campaign that posed as the U.S. Agency for International Development (USAID).

“The Department’s seizure of the two domains was aimed at disrupting the malicious actors’ follow-on exploitation of victims, as well as identifying compromised victims. However, the actors may have deployed additional backdoor accesses between the time of the initial compromises and last week’s seizures,” the Justice Department said in a press release.

“Cyber intrusions and spear-phishing email attacks can cause widespread damage throughout affected computer networks, and can result in significant harm to individual victims, government agencies, NGOs, and private businesses,” said Acting U.S. Attorney Raj Parekh for the Eastern District of Virginia.

Last week, the Microsoft Threat Intelligence Center (MSTIC) uncovered a “sophisticated email-based attack” operated by Nobelium as part of a wide-scale malicious email campaign.

The same threat actor is also alleged to be behind the SolarWinds supply-chain compromise, including the SUNBURST backdoor, and other intrusions. Microsoft has tracked the current campaign since January 2021 and has seen it evolve through a “series of waves demonstrating significant experimentation.”

According to the Microsoft report and the Justice Department statement, the attackers abused a legitimate email marketing service and a compromised USAID account to send the spear-phishing emails. The messages, which appeared to come from USAID email accounts and carried a “special alert,” were sent to thousands of email accounts at more than one hundred organizations.
