Microsoft has been monitoring Nobelium’s latest campaign since May, notifying more than 140 companies targeted by the group.
Richmond, Virginia — The same Russia-backed hackers responsible for the 2020 SolarWinds breach continue to attack the global tech supply chain and have been constantly targeting cloud service companies and others since the summer, Microsoft said.
The group, which Microsoft calls Nobelium, has adopted a new strategy that takes advantage of the direct access cloud service resellers have to their customers’ IT systems, hoping to more easily “impersonate an organization’s trusted technology partner to access downstream customers.” Resellers act as intermediaries between giant cloud companies and their ultimate customers, managing and customizing their accounts.
“Fortunately, this campaign was discovered early on. We are sharing these developments with cloud service resellers, technology providers, and their customers so that timely steps can be taken to prevent Nobelium from becoming more successful,” Tom Burt, a Microsoft vice president, said in a blog post.
The Biden administration downplayed Microsoft’s announcement. A U.S. government official who spoke on condition of anonymity to discuss the government’s response said: By Russia and other foreign governments. “
The Russian embassy did not immediately respond to the request for comment.
US-Russian relations are already tense this year over a series of high-profile ransomware attacks on US targets launched by Russia-based cyber gangs. US President Joe Biden has warned Russian President Vladimir Putin to crack down on ransomware criminals, but several top cybersecurity executives have said recently that they have seen no evidence of this.
Supply chain attacks allow hackers to steal information from multiple targets by breaking into a single product that everyone uses. The U.S. government has previously blamed Russia’s SVR foreign intelligence service for the SolarWinds hack, a supply chain hack that went undetected for most of 2020, endangering some federal agencies and badly embarrassing Washington.
Microsoft has been monitoring Nobelium’s latest campaign since May, notifying more than 140 companies targeted by the group, 14 of which are believed to have been compromised. The attacks have been more and more relentless since July, with Microsoft saying it has informed 609 customers of 22,868 attacks by Nobelium, with success rates in the low single digits. That is more attacks than Microsoft had flagged from all nation-state actors in the previous three years.
“Russia seeks to gain long-term and systematic access to various points in the technology supply chain and establish a mechanism for monitoring targets of interest to the Russian government now or in the future,” said Mr. Burt.
Microsoft didn’t name the hackers’ targets in its latest campaign. But cybersecurity firm Mandiant said it has seen victims in both Europe and North America.
Charles Carmakal, Mandiant’s Chief Technology Officer, said the way the hackers go after resellers makes the intrusions difficult to detect.
“It shifts the first intrusion from the ultimate target, which is an organization with more mature cyber defenses, to smaller technology partners with less mature cyber defenses,” he said.
Matt Otto, an AP business writer in Silver Spring, Maryland, contributed to this report.
SolarWinds hackers targeting cloud services, according to Microsoft