Microsoft blames Russian hackers for new IT supply chain attack. (Graphic by Breaking Defense, original image by Markus Spiske via Pexels)
WASHINGTON: The Russian hackers allegedly behind the widespread SolarWinds espionage campaign are back at it, according to Microsoft, again targeting the global information technology supply chain — but this time, with a slight twist.
In research posted online Sunday, Microsoft analysts said that the “Russian nation-state actor Nobelium,” which the US government has linked to Russia’s civilian foreign intelligence service, has been attempting to replicate its SolarWinds success by targeting “reseller and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers.”
The original hack is referred to as SolarWinds because it targeted a Texas firm of that name that provides IT monitoring and management software to customers the world over, including to the US government. A breach of one of SolarWinds’ products, discovered last year, allowed hackers to potentially spy on thousands of customers. The actual number of cyberespionage victims is believed to be much lower, but included at least some of US government agencies.
RELATED: Why Was The SolarWinds Campaign So Difficult To Detect?
The new campaign targets a different part of the supply chain, resellers and others, but with the same ultimate goal, Microsoft said.
“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers,” Microsoft said in its post.
The new attack doesn’t use any super-secret zero-day exploit, Microsoft found, but relies on “well-known techniques, like password spray and phishing, to steal legitimate credentials.”
RELATED: Nakasone Now Sees Ransomware, Influence Ops As ‘National Security Threats
Microsoft said it first noticed the new campaign in May and has been alerting potential victim organizations, including 140 resellers and tech service providers. Researchers said that the investigation is ongoing, but so far “as many as 14 of these resellers and service providers have been compromised.”
The compromises, combined with what Microsoft said were tens of thousands of other targeted attacks linked to Nobelium, are “an indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian government.”
It’s a sentiment the US government would understand, considering its own offensive hacking capabilities and past revelations about America’s own global cyberespionage campaigns. Still the US has attempted to stiffen its response to Russian aggression online — including the expulsion of Russian officials, and an executive order signed in April designed to deter further action.
“I was clear with President Putin that we could have gone further, but I chose not to do so,” President Joe Biden said at the time. “I chose to be proportionate.”
Microsoft’s revelation today appears to show that the hoped-for deterrence effect hasn’t kicked in.
GA-ASI’s MQ-9B: The right UAV for persistence, power, and performance
When assessing the state of the art of unmanned aerial systems, it’s critical to be very clear about what various aircraft can and can’t do – and could never do.
Norway’s top officer on his ‘biggest challenge,’ next frigate and new NATO neighbors
Gen. Eirik Kristoffersen, Norway’s Chief of Defense, talks to Breaking Defense about his plans for spending on new frigates and subs, the challenges of upgrading Norway’s “digital backbone” and refilling the military’s stocks.
