Following disclosures of supply chain attacks in December of 2020, the Microsoft Threat Intelligence Center (MSTIC) continues to track and disrupt NOBELIUM activity impacting organizations worldwide. A hallmark characteristic of NOBELIUM intrusions is their abuse of trust to gain and maintain access to their ultimate victims, allowing them to disguise their activity in legitimate business operations. In May of 2021, MSTIC identified a new sustained effort by NOBELIUM targeting IT services providers with the intent of leveraging access to those providers for access to downstream victims. This presentation will provide a strategic overview of the NOBELIUM threat actor, detail technical methods used by the actor to compromise victim cloud and on-premise environments, and summarize recent campaigns against IT service providers.
Justin Warner, Analyst, Microsoft Threat Intelligence Center
Justin has served in both highly technical and senior leadership roles within counterintelligence, threat research, and red team operations. Justin is also a graduate of the US Air Force Academy and an Air Force veteran.
Who Can Attend:
Open only to vetted InfraGard members.