"SolarWinds Hackers Set Up Phony Media Outlets To Trick Targets"

Nobelium, the Russian hacking group behind the SolarWinds hack, is setting up new infrastructure to launch attacks using old tricks, researchers at Recorded Future found.  The researchers stated that the group has evolved in recent months in an effort to avoid detection.  The researchers identified more than four dozen domains the group used in phishing attacks, some of which attempted to emulate real brands.  The researchers noted that the tactic in which hackers register potentially misspelled versions of real brand domains to trick targets is known as “typosquatting.”  Typosquatting is a common tool associated with Nobelium and has been used by the group in other campaigns, including recent attacks against Ukrainian targets.  The set of domains that the researchers identified emulated brands across industries but particularly focused on posing as news and media organizations.  Nobelium, also known as APT29 or CozyBear, is believed to have ties with the Russian Foreign Intelligence Service.  Microsoft researchers recently spotted Nobelium attempting to phish diplomats from Ukraine and NATO members.

CyberScoop reports: "SolarWinds Hackers Set Up Phony Media Outlets To Trick Targets"