Hackers from the shadowy Russian-linked organization behind the SolarWinds malware have launched a new drive to penetrate the global IT supply chain, according to Microsoft. According to a blog post by Tom Burt, Microsoft’s Corporate Vice President, Customer Security & Trust, the Nobelium hacking gang has been conducting a series of coordinated cyberattacks against companies that manage or resell cloud technology services since May of this year. Between July 1 and October 19, Nobelium attacked at least 609 clients 22,868 times, with only a small number of those attempts succeeding.
The goal of the effort, according to Microsoft, is to “piggyback on any direct access that resellers may have to their clients’ IT systems” and “make it easier for an organization’s trusted technology partner to acquire access to its downstream customers.” As part of this ongoing effort, Nobelium has been using well-known hacking techniques to steal credentials and obtain privileged access to computer systems. The hackers have reportedly employed a technique known as password spraying, which involves attempting to gain access to many accounts using a small set of popular passwords such as Password123!.
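As an added illustration (not part of the article or of Microsoft’s post), the following constructed example shows why spraying slips past per-account lockout counters and how a defender can spot it in sign-in logs: the log format, IP addresses, user names and detection thresholds are all assumptions.

```python
# Added example: a minimal password-spray detector over constructed sign-in
# log lines. Spraying tries one common password against many accounts, so each
# account sees only one or two failures and lockout never fires; the signal is
# one source failing against many *distinct* usernames in a short window.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): "timestamp source_ip username result"
SAMPLE_LOG = """\
2021-10-19T09:00:01 203.0.113.7 alice FAIL
2021-10-19T09:00:03 203.0.113.7 bob FAIL
2021-10-19T09:00:05 203.0.113.7 carol FAIL
2021-10-19T09:00:07 203.0.113.7 dave FAIL
2021-10-19T09:00:09 203.0.113.7 erin FAIL
2021-10-19T09:00:11 203.0.113.7 frank FAIL
2021-10-19T09:01:00 198.51.100.9 alice FAIL
2021-10-19T09:01:30 198.51.100.9 alice FAIL
2021-10-19T09:02:00 198.51.100.9 alice OK
2021-10-19T12:00:00 203.0.113.7 grace FAIL
"""

def parse(log_text):
    """Turn each log line into (timestamp, source_ip, username, result)."""
    events = []
    for line in log_text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Return {source_ip: set(usernames)} for sources whose failed logins hit
    at least `min_users` distinct accounts inside any `window`-long span."""
    fails = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails[ip].append((ts, user))
    alerts = {}
    for ip, attempts in fails.items():
        attempts.sort()  # sliding window over time-ordered failures
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_users:
                alerts[ip] = alerts.get(ip, set()) | users
    return alerts
```

The second source (198.51.100.9) fails twice against one account and then succeeds, which is ordinary user behaviour and is not flagged; only the source that touches six accounts in ten seconds is reported.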
Nobelium is suspected of being behind the major SolarWinds data breach, which was revealed in December 2020. The attackers gained access to the computer networks of thousands of SolarWinds clients around the world, including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Justice, the Department of Energy, and the National Nuclear Security Administration. The whole affair caused quite a commotion, not least because the United States and the United Kingdom accused the group of having ties to the Kremlin. The White House responded to the attack by expelling Russian diplomats and imposing a slew of additional sanctions on Russian individuals and assets. Although Russia denied responsibility for the SolarWinds hack, the chief of Russia’s Foreign Intelligence Service stated he was “flattered” by the charges.
Nobelium is now seeking to “replicate the method it has employed in previous attacks by targeting firms essential to the global IT supply chain,” according to Microsoft. “This new activity is another indicator that Russia is attempting to get long-term, systematic access to a number of locations in the technological supply chain, as well as develop a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” says Burt. “We were fortunate enough to catch this effort in its early stages, and we’re releasing this information to help cloud service resellers, technology providers, and their clients take proactive actions to guarantee Nobelium doesn’t become more successful.”