SolarWinds hackers targeting more tech companies, Microsoft says
Microsoft said Monday that the Russian-backed hackers behind the sprawling SolarWinds breach have targeted at least 140 companies "integral to the global IT supply chain" in a new effort to gain access to their customers' networks.
Why it matters: Despite warnings of retaliation from President Biden, Nobelium, which has been identified by the U.S. government as being part of Russia’s foreign intelligence service, has continued major cyber espionage campaigns even after the attention it garnered from the SolarWinds hack.
- Microsoft warned in May that the group was also attempting to breach computer networks belonging to government agencies, think tanks, consultants and NGOs in order to steal data.
- The SolarWinds breach was uncovered in December 2020 but likely existed for months before its discovery.
What they're saying: The targets of this campaign are primarily resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers, Microsoft said.
- "Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain," the company said.
- "We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers," it added.
- Microsoft said it has observed these types of attacks from the group since May 2021.
By the numbers: At least 14 of these resellers and service providers have been compromised by Nobelium.
- Between July and mid-October, Microsoft said it had informed 609 customers that they had been attacked 22,868 times by Nobelium.
- The group's success rate is currently in the "low single digits," Microsoft said.
The big picture: The Biden administration has devised collection strategies to get ahead of cybercriminals, including offering financial rewards for information that helps identify and locate people engaged in foreign state-sanctioned malicious cyber activities.
- The administration has also called on major tech companies to work with the federal government to address the growing wave of cyberattacks, and they have responded with new cybersecurity projects and spending plans, Axios' Scott Rosenberg reports.