RICHMOND (Va.) — Microsoft said Monday that the same Russia-backed hackers who were responsible for the 2020 SolarWinds hack continue to target the global technology supply chain. They have been targeting cloud service providers and other companies since summer.
The group, which Microsoft calls Nobelium, uses a new strategy that piggybacks on the direct access cloud service resellers have into their customers’ IT systems. Resellers are intermediaries between cloud giants and their ultimate customers, and they manage and customize accounts.
“We discovered this campaign in its early stages and we are sharing it to help cloud service resellers and technology providers and their customers take timely actions to ensure Nobelium does not become more successful,” Tom Burt, a Microsoft vice president, said in a blog.
The Biden administration downplayed Microsoft’s announcement. A U.S. government official who was briefed on the issue, and who requested anonymity to discuss the government’s response, stated that “the activities described were unsophisticated passcode spray and phishing for the purpose of surveillance that we already know are attempted daily by Russia and other countries.”
The Russian Embassy did not immediately respond to a request for comment.
Russian ties are already being strained by a series of ransomware attacks on U.S. targets that were launched by Russian-based cyber gangs. U.S. President Joe Biden warned Vladimir Putin to clamp down on ransomware criminals. However, several high-ranking cybersecurity officials in the administration have stated recently that they have not seen any evidence of that.
Supply chain attacks allow hackers to steal information from many different targets by breaking into products those targets use. The U.S. government previously blamed Russia’s SVR foreign intelligence agency for the SolarWinds hack. This supply-chain hack went unnoticed for most of 2020 and compromised many federal agencies, severely embarrassing Washington.
Microsoft has been observing Nobelium’s latest campaign since May and has notified more than 140 companies targeted by the group, with as many as 14 believed to have been compromised. The attacks have been increasingly relentless since July, with Microsoft noting that it had informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits. This is more attacks than Microsoft had reported from all nation-state actors over the past three years.
“Russia aims to have long-term, systematic and consistent access to a number of points in technology supply chains. It also wants to establish a mechanism to surveil – either now or in future – targets of Russian interest,” Burt stated.
Microsoft did not name any of the hackers’ targets in their latest campaign. Mandiant, a cybersecurity firm, said it had suffered attacks in North America and Europe.
Charles Carmakal, chief technology officer of Mandiant, said that hackers use the resellers as a way to hide their identity, making detection challenging.
“It shifts the initial intrusion away from the ultimate targets, which can in some cases be organizations with more advanced cyber defenses, to smaller technology partners with fewer cyber defenses,” he stated.
This story was contributed by AP business writer Matt Ott from Silver Spring, Maryland.
Copyright (c) 2021 The Washington Times, LLC.