Microsoft said Friday it has seen new attacks from the Russia-based "threat actor" responsible for the attacks on SolarWinds customers.
Driving the news: The company indicated the activity was targeted at specific customers including IT companies, government agencies, non-governmental organizations and think tanks, and financial services.
- Microsoft refers to the attackers as Nobelium, and said the activity involved password spray and brute-force attacks.
- It added that it's aware of three "compromised entities," but the majority of targets were not successfully compromised. All customers that were targeted were notified.
- The company also detected information-stealing malware on a machine that belonged one of its workers with access to basic account information for a "small number" of its customers, and the attacker used the information to launch "highly targeted attacks" as part of a broader campaign.
- Microsoft says it has secured the device.
Flashback: Nobelium recently targeted human rights and international aid groups.