Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Russia-Linked SolarWinds Hackers Continue Supply Chain Attack Rampage

The Russia-linked cyberespionage group that hacked IT management solutions provider SolarWinds continues to launch supply chain attacks, Microsoft warned on Monday.

The Russia-linked cyberespionage group that hacked IT management solutions provider SolarWinds continues to launch supply chain attacks, Microsoft warned on Monday.

The threat actor, tracked by Microsoft as Nobelium (and APT29 and Cozy Bear by others), has been running a campaign since May 2021, in which it has targeted at least 140 organizations, including 14 whose systems have been compromised.

In the SolarWinds attack, the hackers delivered their first-stage malware to thousands of organizations, and hacked into the networks of roughly 100 entities by leveraging the access they had to SolarWinds systems.

In the more recent attacks, Microsoft said Nobelium targeted “resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers.”

“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers,” Microsoft said.

Mandiant has also been monitoring these attacks and the cybersecurity firm spotted downstream victims in North America and Europe.

The tech giant informed over 600 customers about nearly 23,000 Nobelium-linked attacks between July 1 and October 19. Whily only a handful of the targets actually had their systems compromised, Microsoft wanted to highlight that it only sent out a total of 20,500 alerts to customers regarding all state-sponsored attacks observed over the past three years, prior to July 1.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” Microsoft said.

In a report published earlier this month, Microsoft said Russia had been behind 58% of the state-sponsored cyberattacks it has observed.

The company noted on Monday that the recent Nobelium attacks have not exploited any software vulnerabilities, and instead leveraged techniques such as phishing and password spraying to steal legitimate credentials and gain access to targeted systems.

Microsoft has also made available technical guidance that can help organizations detect attacks launched by Nobelium.

Last month, Microsoft published a blog post detailing a piece of malware used by the threat group to exfiltrate data from compromised servers.

Related: Microsoft, Intel and Goldman Sachs Lead New Supply Chain Security Initiative

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.