Friday 29 Mar 2024
By
main news image

KUALA LUMPUR (Oct 26): Russian nation-state actor Nobelium has been attacking cloud service resellers and other technology service providers, according to Microsoft.

In a blog post on Sunday (Oct 24), Microsoft said 140 resellers and technology service providers were targeted, with as many as 14 believed to have been compromised.

The company added that Nobelium was the same actor behind the cyberattacks targeting SolarWinds customers in 2020 and which the US government and others had identified as being part of Russia’s foreign intelligence service known as the SVR.

Microsoft corporate vice-president of customer security and trust Tom Burt said Nobelium had been attempting to replicate the approach it used in past attacks by targeting organisations integral to the global information technology (IT) supply chain.

He added that this time, it is attacking a different part of the supply chain — resellers and other technology service providers that customise, deploy and manage cloud services and other technologies on behalf of their customers.

“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organisation’s trusted technology partner to gain access to their downstream customers.

“We began observing this latest campaign in May 2021 and have been notifying impacted partners and customers while also developing new technical assistance and guidance for the reseller community,” said Burt.

According to him, the recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian government.

“We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.

“Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers and their customers take timely steps to help ensure Nobelium is not more successful,” he said.

Burt added that between July 1 and Oct 19 this year, some 609 customers were attacked 22,868 times by Nobelium, with a success rate in the low single digits.

“By comparison, prior to July 1, we notified customers of attacks from all nation-state actors 20,500 times over the past three years,” he said.

      Print
      Text Size
      Share