Microsoft: Yep, Russia Is At It Again

Posted on October 26, 2021 by Paul Thurrott in Cloud, Microsoft with 2 Comments

A new report from Microsoft accuses Russia of launching cyberattacks against resellers and other technology service providers in the global IT supply chain.

“Today, we’re sharing the latest activity we’ve observed from the Russian nation-state actor Nobelium,” Microsoft corporate vice president Tom Burt writes. “This is the same actor behind the cyberattacks targeting SolarWinds customers in 2020 and which the U.S. government and others have identified as being part of Russia’s foreign intelligence service known as the SVR.”

According to Microsoft, Nobelium has been targeting companies that customize, deploy and manage cloud services and other technologies on behalf of their customers with the goal of accessing their customers’ IT systems and impersonating their trusted technology partners to gain access to their own downstream customers.

“We began observing this latest campaign in May 2021 and have been notifying impacted partners and customers while also developing new technical assistance and guidance for the reseller community,” Burt adds. “Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium.”

So far, up to 14 of the targetted resellers and service providers have been compromised, Microsoft says, so it is sharing this information to help others take steps to help ensure Nobelium is not more successful. And the scope of these attacks is staggering: Microsoft says that 609 customers were attacked 22,868 times by Nobelium between July and October; by comparison, the software giant says that it saw a total of 20,500 nation-state cyberattacks over the previous three years.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” Microsoft adds in a condemnation of that nation’s government.

To help customers, Microsoft has published technical guidance so that organizations can protect themselves against the latest Nobelium activity, as well as guidance for its partners.

Tagged with

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (2)

2 responses to “Microsoft: Yep, Russia Is At It Again”

  1. huddie

    Good to know. So service providers are now a major target as a way into your business. The figures show just how much states have ramped up their cyber-warfare activity in the last few years. Good article and MS blog post.

  2. navarac

    I would hope that Western Governments are doing the same to these scroats.

Leave a Reply