Alert: Guidance for partners on Nobelium targeted attacks
The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity attempting to gain access to customer data and information of multiple cloud service providers, managed service provider (MSP) partners, and other IT services organizations that use delegated administrative privileges or other elevated credentials to administer customer environments.
This situation is not the result of a security vulnerability but rather the attacker using a diverse and dynamic toolkit consisting of malware, social engineering and phishing to gain initial access, leveraging trusted relationships to gain access to downstream customers.
Microsoft has published guidance for partners, along with other information, to help you understand the situation and act:
- Microsoft Threat Intelligence Center (MSTIC) blog post – this is the primary source of information and detailed guidance for partners and their customers
- Microsoft on the Issues blog post
- Partner blog post – more context and information on this issue with a link back to the guidance on the MSTIC blog
If after reviewing the above listed materials you have questions about this issue or the guidance, please create and submit a support ticket within Partner Center.