Microsoft said on Monday that the same Russia-backed hackers that were responsible for the 2020 SolarWinds breach are still attacking the global technology supply chain and have been continuously pursuing cloud service providers and others since the summer.
The gang, dubbed Nobelium by Microsoft, has devised a new technique to capitalize on cloud service resellers’ direct access to their clients’ IT systems, with the goal of “impersonating an organization’s trusted technology partner to get access to its downstream customers.”
Resellers function as go-betweens for large cloud firms and their end-users, administering and personalizing accounts.
Microsoft’s statement was reportedly downplayed by the Biden administration after an unnamed US government official claimed the attacks were “unsophisticated password spray and phishing, run-of-the-mill operations for the purpose of surveillance that we already know are attempted every day by Russia and other foreign governments.”
The Russian Embassy did not respond right away to a request for comment.
The US government previously implicated Russia’s SVR foreign intelligence agency in the SolarWinds hack, a supply-chain breach that remained undiscovered for most of 2020, impacted multiple federal agencies, and severely embarrassed Washington.
Since May, Microsoft has been monitoring Nobelium’s newest effort and has contacted more than 140 firms that have been targeted by the group, with as many as 14 suspected to have been hacked.
Microsoft did not specify any of the targets of the hackers’ newest effort. However, cybersecurity firm Mandiant reported victims in both Europe and North America.