A new report from Microsoft accuses Russia of launching cyberattacks against resellers and other technology service providers in the global IT supply chain.
“Today, we’re sharing the latest activity we’ve observed from the Russian nation-state actor Nobelium,” Microsoft corporate vice president Tom Burt writes. “This is the same actor behind the cyberattacks targeting SolarWinds customers in 2020 and which the U.S. government and others have identified as being part of Russia’s foreign intelligence service known as the SVR.”
According to Microsoft, Nobelium has been targeting companies that customize, deploy and manage cloud services and other technologies on behalf of their customers with the goal of accessing their customers’ IT systems and impersonating their trusted technology partners to gain access to their own downstream customers.
“We began observing this latest campaign in May 2021 and have been notifying impacted partners and customers while also developing new technical assistance and guidance for the reseller community,” Burt adds. “Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium.”
So far, up to 14 of the targetted resellers and service providers have been compromised, Microsoft says, so it is sharing this information to help others take steps to help ensure Nobelium is not more successful. And the scope of these attacks is staggering: Microsoft says that 609 customers were attacked 22,868 times by Nobelium between July and October; by comparison, the software giant says that it saw a total of 20,500 nation-state cyberattacks over the previous three years.
“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” Microsoft adds in a condemnation of that nation’s government.
Tagged with Security