Microsoft warns: Russian hacking group behind SolarWinds attack is targeting global IT supply chain

Hundreds of Microsoft customers have been the targets of thousands of attacks by Russian hacking group Nobelium in recent months

Updated: October 25, 2021 - 8:52am

The Facts Inside Our Reporter’s Notebook

Links

Microsoft has warned that the group behind the SolarWinds cyberattack has launched a campaign against the global IT supply chain, primarily targeting companies that resell and provide cloud technology.

In a recent blog post to the company's website, Microsoft's corporate vice president of customer security and trust, Tom Burt, wrote that "state actor Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain."

Nobelium is "attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers," according to the company.

Burt wrote that 609 Microsoft customers had been informed that they'd been attacked between July and October of this year close to 23,000 times "with a success rate in the low single digits."

The attacks, according to the executive, were not aimed at a specific flaw in any of the systems, rather, they were "password spray and phishing" attacks, which are aimed at stealing credentials that grant the attackers access to privileged information.

The Russian state-backed hacking group is, according to Burt, "trying to gain long-term, systematic access to a variety of points in the technology supply chain, and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government."