Nobelium, a Russia-linked hacking group believed to have compromised SolarWinds network monitoring software in order to plant malicious software on the company customers’ networks last year, has returned with a new series of attacks, Microsoft said in a new report.

The tech giant said its investigation showed that the group, also known as APT29, Cozy Bear, and The Dukes, used password spray and brute-force techniques to compromise victims. While Nobelium’s recent activity was largely unsuccessful, the hackers managed to breach networks of three new entities, Microsoft said.

The attacks targeted mostly IT companies (57%), followed by government (20%), and non-governmental organizations and think tanks, as well as financial services.

“The activity was largely focused on US interests, about 45%, followed by 10% in the UK, and smaller numbers from Germany and Canada. In all, 36 countries were targeted,” Microsoft noted.

The Redmond-based company also said it has found information-stealing malware on a machine belonging to one of its customer support agents with access to basic account information for a small number of customers. The hackers used this information to conduct highly-targeted attacks as part of their broader campaign. The access to the machine has since been removed and the customer’s agent device has been secured, Microsoft said.

Last month, Microsoft reported that Nobelium hacking group targeted over 150 organizations across at least 24 countries using a hacked USAID (United States Agency For International Development) account at a mass email marketing company Constant Contact to send phishing emails and deploy the NativeZone backdoor capable of stealing information.