Microsoft has released several details of a cyberattack campaign organized by Nobelium, the group that attacked SolarWinds last year. According to the company, the group, backed by the Russian government, is again trying to access corporate and government networks around the world, despite efforts by President Biden to sanction Russia for several previous cyberattacks.
Nobelium appears to be using the same strategy it used against SolarWinds: targeting companies whose products are central to global IT systems. In this campaign, however, Nobelium has focused on a different part of the IT supply chain: resellers and service providers offering cloud services, among other technology.
So far, Microsoft has informed more than 140 vendors and resellers that they have been targeted by Nobelium, and believes that the group managed to exploit a gap in the networks of 14 of them. However, the Redmond company points out that it detected this campaign last May, while it was still in its first stage, which should have helped mitigate its effects.
Microsoft also points out that these hacking attempts are part of a larger series of attacks carried out by Nobelium over the last few months. Between July 1 and October 19, the company informed 609 of its clients that Nobelium, also known as APT29 and Cozy Bear, had tried to attack them 22,868 times, but had been successful fewer than 10 times. In the three years prior to July 1, Microsoft notified its customers of 20,500 attacks by cybercriminals from all countries, not just from Nobelium.
According to Tom Burt, Vice President of Security and Customer Trust at Microsoft, "This recent activity is another indicator that Russia is trying to systematically gain long-term access to various points in the technology supply chain and establish a monitoring mechanism, now or in the future, of targets of interest to the Russian government."