{"id":25496,"date":"2021-10-25T22:33:08","date_gmt":"2021-10-25T21:33:08","guid":{"rendered":"https:\/\/www.n-able.com\/?p=25496"},"modified":"2021-10-26T13:26:28","modified_gmt":"2021-10-26T12:26:28","slug":"update-on-the-nobelium-apt-attack-group","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/es\/blog\/update-on-the-nobelium-apt-attack-group","title":{"rendered":"Update on the Nobelium APT Attack Group"},"content":{"rendered":"<p>If you\u2019re like me, you started your week by reading the Microsoft blog about Nobelium, an advanced-persistent-threat (APT) group that was actively targeting cloud service providers (CSPs) and managed service providers (MSPs) in a recent wave of supply chain attacks. Personally, I wasn\u2019t terribly surprised. We all know by now that MSPs have a bullseye on them for adversaries wishing to target the supply chain. What\u2019s different about this attack is the motive.<\/p>\n<p>Without getting into the details of Nobelium\u2019s previous activities, what you must realize is that their attacks are extremely strategic\u2014and they play the long game. They\u2019re not trying to break in and cause immediate harm; they want to establish persistence in an environment and begin to learn what\u2014and more importantly whom\u2014they have access to. They\u2019ll then utilize this information to continue their attack towards their ultimate objective.<\/p>\n<p>Microsoft has provided a wealth of information about these attacks, for which I thank them. They have proactively contacted targeted entities in an attempt to quickly contain these attacks. As an MSP, you may think you\u2019re safe if you weren\u2019t in the 600+ organizations notified by Microsoft as being targets over the last few months. 
However, I would encourage you to use this information as an opportunity to review your policies and configurations, as well as those of your customers, to understand how much risk you have based upon those elements.<\/p>\n<p>For starters, I\u2019d suggest you review your M365 environment:<\/p>\n<ul>\n<li>Do you have 2FA enabled for all users\/applications?<\/li>\n<li>Does your conditional access policy allow legacy authentication?<\/li>\n<li>Do you have PowerShell enabled for your tenant? If so, is it locked down to specific accounts and controlled by conditional access?<\/li>\n<li>Do you have a password lockout policy configured?<\/li>\n<li>Do you have advanced threat protection enabled for your emails? If so, are you using safe attachment scanning?<\/li>\n<li>Do you have any systems exposed that are tied to Active Directory for authentication, but use only single-factor authentication?<\/li>\n<li>Are you performing periodic user reviews?<\/li>\n<li>Are you leveraging Microsoft Defender for Identity and monitoring those alerts?<\/li>\n<li>Do you have a process to investigate any suspicious findings?<\/li>\n<\/ul>\n<p>My list could go on and on, but I encourage you to read the Microsoft <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/10\/25\/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks\/\" target=\"_blank\" rel=\"noopener\">blog<\/a>, where they have a wealth of information on best practices around mitigation and remediation. For our MSPs, I would also recommend you review best practices around securing your N&#8209;able solutions, as those systems have been and continue to be in the crosshairs of attackers. 
These practices include such steps as:<\/p>\n<ul>\n<li>Follow the principle of <a href=\"https:\/\/us-cert.cisa.gov\/bsi\/articles\/knowledge\/principles\/least-privilege\" target=\"_blank\" rel=\"noopener\">Least Privilege<\/a> when assigning permissions.<\/li>\n<li>Ensure MFA is enabled and in use for all technician logins.<\/li>\n<li>For N&#8209;able\u2122 N&#8209;central\u00ae, ensure you are up to date with the latest version.<\/li>\n<li>For N&#8209;able RMM, ensure <a href=\"https:\/\/documentation.n-able.com\/remote-management\/userguide\/Content\/ip_restriction.htm\" target=\"_blank\" rel=\"noopener\">IP Address Restriction<\/a> is in place for user login.<\/li>\n<li>For additional suggestions on hardening recommendations, see <a href=\"https:\/\/www.n-able.com\/blog\/how-you-can-harden-your-n-central-server\" target=\"_blank\" rel=\"noopener\">N&#8209;central<\/a> and <a href=\"https:\/\/www.n-able.com\/blog\/hardening-n-able-rmm\" target=\"_blank\" rel=\"noopener\">RMM<\/a>.<\/li>\n<\/ul>\n<p>Securing these environments is our shared responsibility.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>N-able CSO Dave MacKinnon breaks down the Nobelium attack and what you can do to help keep your business, and your customers, safe.<\/p>\n","protected":false},"author":82,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-25496","post","type-post","status-publish","format-standard","hentry","topic-security"],"acf":[]}