The Nobelium group, which is likely to have close ties to government agencies in Russia, has launched another malware campaign. This time it is based on a zero-day security hole in Apple’s iOS.
Google’s security researchers and their Microsoft colleagues are warning of the latest problem. This concerns a vulnerability that was entered in the databases under the ID CVE-2021-1879. Nobelium uses these to carry out very targeted attacks, which are primarily aimed at users who work in Western European government agencies.
A phishing message is sent to them via Microsoft’s business network LinkedIn. The link included leads to websites in which malicious code is embedded. This smuggles further malware directly onto an iPhone- even if its operating system is at the latest patch level. The aim of the malware is then to steal access tokens to various applications and networks.
The people behind the campaign are no strangers. Nobelium should be known to many users because they are behind the attack on SolarWinds, a manufacturer of management software for large networks. The perpetrators succeeded in smuggling their own malicious espionage code into its applications, which were then delivered to numerous customers – mostly large companies and authorities – all over the world. The attackers suddenly gained access to numerous critical IT infrastructures.
As is often the case with digital incidents of this type, it is difficult to find evidence of the real identity of the people you are dealing with. However, there are indications that it is a group that operates from Russia and can fall back on state resources there – presumably those of the foreign intelligence service SVR.
RS News or Research Snipers focuses on technology news with a special focus on mobile technology, tech companies, and the latest trends in the technology industry. RS news has vast experience in covering the latest stories in technology.