Microsoft: Yep, Russia Is At It Again
- Paul Thurrott
- Oct 26, 2021
-
2
A new report from Microsoft accuses Russia of launching cyberattacks against resellers and other technology service providers in the global IT supply chain.
“Today, we’re sharing the latest activity we’ve observed from the Russian nation-state actor Nobelium,” Microsoft corporate vice president Tom Burt writes. “This is the same actor behind the cyberattacks targeting SolarWinds customers in 2020 and which the U.S. government and others have identified as being part of Russia’s foreign intelligence service known as the SVR.”
Windows Intelligence In Your Inbox
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
According to Microsoft, Nobelium has been targeting companies that customize, deploy and manage cloud services and other technologies on behalf of their customers with the goal of accessing their customers’ IT systems and impersonating their trusted technology partners to gain access to their own downstream customers.
“We began observing this latest campaign in May 2021 and have been notifying impacted partners and customers while also developing new technical assistance and guidance for the reseller community,” Burt adds. “Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium.”
So far, up to 14 of the targetted resellers and service providers have been compromised, Microsoft says, so it is sharing this information to help others take steps to help ensure Nobelium is not more successful. And the scope of these attacks is staggering: Microsoft says that 609 customers were attacked 22,868 times by Nobelium between July and October; by comparison, the software giant says that it saw a total of 20,500 nation-state cyberattacks over the previous three years.
“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” Microsoft adds in a condemnation of that nation’s government.
To help customers, Microsoft has published technical guidance so that organizations can protect themselves against the latest Nobelium activity, as well as guidance for its partners.