Microsoft has warned that Nobelium, the Russia-linked group behind the SolarWinds cyberattack, is in the midst of a fresh campaign to compromise the global tech supply chain.
Since May this year the group has been carrying out a series of coordinated attacks against companies that manage or resell cloud technology services, according to a blog post by Tom Burt, Microsoft's Corporate Vice President, Customer Security & Trust. Microsoft says it notified 609 customers that they had been attacked a combined 22,868 times by Nobelium between July 1 and October 19, with a success rate in the low single digits.
Microsoft said the purpose of the campaign is to "piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers." Rather than exploiting software flaws, the ongoing campaign relies on well-known techniques such as phishing and password spraying to steal legitimate credentials and gain privileged access. Password spraying inverts a classic brute-force attack: instead of trying many passwords against one account, which trips lockout thresholds, the attacker tries a small number of common passwords such as Password123! against many different accounts, so each account sees only a failure or two. Microsoft's guidance to partners and customers is correspondingly basic: enforce multi-factor authentication, and review and remove delegated administrative privileges that resellers no longer need.
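The shape described above (few passwords, many accounts, usually one source) is what a defender looks for. The following detector is an added example, not code from Microsoft's post or from any product: it keys failed sign-ins by source address, keeps a sliding time window, and alerts when one source has failed against enough distinct accounts, then flags any later success from that source as the high-value signal. The syslog-style line format and the sample lines are constructed for the example; adapt the regex to your own sign-in logs.

```python
"""Password-spray detection over sign-in logs (added example, constructed data)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example; real sign-in logs will differ.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample: one spraying source, one single-account brute force,
# and one ordinary user who mistypes a password once. Not real data.
SAMPLE_LOG = """\
2021-10-19T10:00:01Z auth src=203.0.113.7 user=alice result=FAIL
2021-10-19T10:00:02Z auth src=203.0.113.7 user=bob result=FAIL
2021-10-19T10:00:03Z auth src=203.0.113.7 user=carol result=FAIL
2021-10-19T10:00:04Z auth src=203.0.113.7 user=dave result=FAIL
2021-10-19T10:00:05Z auth src=203.0.113.7 user=erin result=FAIL
2021-10-19T10:00:06Z auth src=203.0.113.7 user=frank result=FAIL
2021-10-19T10:00:07Z auth src=203.0.113.7 user=grace result=FAIL
2021-10-19T10:00:08Z auth src=203.0.113.7 user=heidi result=FAIL
2021-10-19T10:00:20Z auth src=203.0.113.7 user=ivan result=OK
2021-10-19T10:01:00Z auth src=198.51.100.9 user=alice result=FAIL
2021-10-19T10:01:01Z auth src=198.51.100.9 user=alice result=FAIL
2021-10-19T10:01:02Z auth src=198.51.100.9 user=alice result=FAIL
2021-10-19T10:01:03Z auth src=198.51.100.9 user=alice result=FAIL
2021-10-19T10:01:04Z auth src=198.51.100.9 user=alice result=FAIL
2021-10-19T10:01:05Z auth src=198.51.100.9 user=alice result=FAIL
2021-10-19T10:02:00Z auth src=192.0.2.10 user=alice result=FAIL
2021-10-19T10:02:05Z auth src=192.0.2.10 user=alice result=OK
"""


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "src": m["src"],
        "user": m["user"],
        "result": m["result"],
    }


def detect_spray(lines, window=timedelta(minutes=10), min_accounts=5):
    """Flag sources that fail against >= min_accounts distinct users within window.

    Passwords never appear in logs, so the spray signature we can observe is
    'one source, many distinct accounts, mostly failures'. A single-account
    brute force (many failures, one user) deliberately does not trigger.
    """
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)  # src -> deque of (ts, user) for failures
    alerted = set()
    alerts = []
    for e in events:
        if e["result"] == "OK":
            # A success from a source already seen spraying is the
            # 'probably compromised' signal worth paging on.
            if e["src"] in alerted:
                alerts.append({"kind": "success_after_spray", "src": e["src"],
                               "user": e["user"], "ts": e["ts"]})
            continue
        q = recent[e["src"]]
        q.append((e["ts"], e["user"]))
        while q and e["ts"] - q[0][0] > window:  # slide the window
            q.popleft()
        distinct = {u for _, u in q}
        if len(distinct) >= min_accounts and e["src"] not in alerted:
            alerted.add(e["src"])
            alerts.append({"kind": "password_spray", "src": e["src"],
                           "accounts": sorted(distinct), "ts": e["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect_spray(SAMPLE_LOG.splitlines()):
        print(a)
```

The window and threshold are the tuning knobs: a "low and slow" spray that spaces attempts hours apart, or rotates source addresses, slips under a short window keyed on one IP, so production detections aggregate per tenant and per user agent as well as per source and use windows of hours or days.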
Nobelium is the group blamed for the SolarWinds breach disclosed in December 2020. A trojanized update to SolarWinds' Orion software reached thousands of the company's customers around the world; the attackers then followed up with hands-on intrusions at a far smaller set of targets, including US government agencies such as parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Justice, the Department of Energy, and the National Nuclear Security Administration.
The whole affair caused quite a stir, not least because the US and the UK accused the group of having links to the Kremlin. In response to the hack, the White House expelled Russian diplomats and placed a range of new sanctions on Russian individuals and assets. Russia denied responsibility for the SolarWinds breach, but the head of Russia's Foreign Intelligence Service said he was "flattered" by the accusation that they were behind such an effective attack.
Now, Microsoft says Nobelium is back to its old tricks by “attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.”
“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” explains Burt.
"Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful."