The Russian hacking organization responsible for last year’s SolarWind hack, the targets of which included U.S. government agencies, is continuing their efforts, a Microsoft executive is alleging.
Nobelium, the hacking group that the U.S. government has identified as a part of Russia’s foreign intelligence service, is now targeting “resellers and other technology service providers that customize, deploy, and damage cloud services and other technologies on behalf of their customers,” Tom Burt, Microsoft’s corporate vice president of customer security and trust, said in a blog post on the company’s website.
Microsoft has notified more than 140 resellers and service providers that they were targets of Nobelium and that it belives that “as many as 14” of them were compromised.
Additionally, the company warned 609 customers that they had been attacked 22,868 times by Nobelium between July 1 and Oct. 19. The number of attacks represents a significant increase compared to previous years.
Burt claimed that the hacking group “ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.”
The hacking group, in its recent campaign against resellers and service providers, has not tried to exploit weaknesses in the software. Rather, they have been utilizing “well-known techniques,” such as phishing attacks, Burt said.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
Last December, SolarWinds acknowledged it had been compromised by hackers who infiltrated the company’s Orion software updates in order to distribute malware to its customers’ computers. The company said that roughly 18,000 of its customers had been affected, including federal government agencies such as the Justice Department, the State Department, and the Treasury Department.
Biden administration officials have said Russia was the attack’s “likely” perpetrator.
