The U.S. technology giant Microsoft says that the same Russia-backed hackers responsible for the 2020 SolarWinds breach of corporate computer systems is continuing to attack global technology systems, this time targeting cloud service resellers.
Microsoft said the group, which it calls Nobelium, is employing a new strategy to take advantage of the direct access resellers have to their customers’ IT systems, hoping to “more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.”
Resellers are intermediaries between software and hardware producers and the eventual technology product users.
In a statement Sunday, Microsoft said it has been monitoring Nobelium’s attacks since May and has notified more than 140 companies targeted by the group, with as many as 14 of the companies’ systems believed to have been compromised.
“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian government,” Microsoft wrote in a blog post.
“Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful,” the company said.
Microsoft said Nobelium had made 22,868 attacks since July but had only been successful a handful of times. Most of the attacks have targeted U.S. government agencies and think tanks in the United States, followed by attacks in Ukraine, the United Kingdom and in other NATO countries.
A U.S. government official downplayed the attacks in a statement to The Associated Press, saying, “The activities described were unsophisticated password spray and phishing, run-of-the mill operations for the purpose of surveillance that we already know are attempted every day by Russia and other foreign governments.”
Washington blamed Russia’s SVR foreign intelligence agency for the 2020 SolarWinds hack, which compromised several federal agencies and went undetected for much of last year. Russia has denied any wrongdoing.
Some information for this report comes from AP and Reuters.