FG Warns Nigerians, Companies Against Dangerous Cyberattack
Nigerians have been asked to be on the alert so as not to fall victim to a malicious email campaign being launched by Nobelium, a threat actor behind recent attacks against SolarWinds which led to the scarcity of fuel in some parts of the US in May. The group is also behind TEARDROP malware and GoldMax malware.
Nobelium, the group of international hackers uncovered by Microsoft, sends malicious emails to individuals and companies while disguising itself as the U.S. Agency for International Development (USAID), according to the National Information Technology Development Agency (NITDA) in a fresh cyberattack alert.
Hadiza Umar, the spokeswoman for the NITDA, issued the alert late on Sunday in Abuja, adding that the group also goes after government agencies and ministries, non-government organizations, think tanks, the military, IT service providers, health, technology, and telecommunications providers.
“Their antics involve the use of emails claiming to be an alert from USAID about new documents published by former President Donald Trump about election fraud.
“Once users click the link in the email, the URL would direct them to the legitimate Constant Contact Service and then redirect to Nobelium-controlled infrastructure through a URL that delivers a malicious International Organization for Standardization (ISO) file.
“This, in turn, enables the criminals to execute further malicious objectives, such as lateral movement, data exfiltration, and delivery of additional malware,” said the NITDA.
The agency urged organizations and individuals to enable network protection to prevent applications or users from accessing malicious domains and other malicious content on the Internet.
Other measures suggested by the NITDA included enabling investigation and remediation in “fully automated” mode to allow antivirus to take immediate action on alerts to resolve breaches.
It added, “Use device discovery to increase your visibility into your network by finding unmanaged devices on your network and onboarding them.
“Enable Multi-Factor Authentication (MFA) to mitigate compromised credentials and block all office applications from creating child processes.”
Ms Umar advised Nigerians to report any incident by contacting NITDA’s Computer Emergency Readiness and Response Team via email firstname.lastname@example.org or telephone +2348178774580.