Microsoft says the Russia-backed hackers responsible for the 2020 SolarWinds breach continue to attack the global technology supply chain and have been relentlessly targeting cloud services companies and others since summer.
A hacker group linked to Russia’s intelligence agency has been engaged in a major campaign to gain access to thousands of government and private computer networks, Microsoft warned on Sunday, signaling that Moscow-backed cyber attacks on the U.S. have continued despite the Biden administration’s sanctions against it.
The group, which Microsoft calls Nobelium, has employed a new strategy to piggyback on the direct access that cloud service resellers have to their customers’ IT systems, hoping to “more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.” Resellers act as intermediaries between software and hardware makers and product users.
Nobelium was also behind an attack on IT companies, governments, think tanks, and financial service entities earlier this year that spanned 36 countries, Microsoft announced in June.
When they met in Geneva in the summer, U.S. President Joe Biden said he gave Russian President Vladimir Putin a list of 16 critical sectors that shouldn’t be hacked to deter a cyber response from the U.S. government, but the attacks have continued. The Kremlin, for its part, has repeatedly denied responsibility for any hacking attacks.
Earlier this month, Microsoft reported that Russia accounted for the majority of state-sponsored hacking detected by the Seattle-based software and Internet giant during the past year. Most of the attacks targeted government agencies and think tanks in the United States, followed by Ukraine, Britain, and European NATO members.
The U.S. government has previously blamed Russia’s SVR foreign intelligence agency for the SolarWinds hacks, which went undetected for most of 2020, compromised several federal agencies, and badly embarrassed Washington. The Russian government has denied any wrongdoing.
The attacks described in the Microsoft blog were unsophisticated operations attempted daily by Russia and other foreign governments. The attackers weren’t attempting to exploit any flaws or vulnerabilities in the software, but were instead using “well-known” techniques to steal credentials.
Microsoft said the recent activity “is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.”