Microsoft is warning that Nobelium, the group behind the SolarWinds attack, is active again and targeting cloud services.
Nobelium is a hacking group that is part of, and operates on behalf of, Russia's foreign intelligence service, the SVR. The group was responsible for the devastating SolarWinds supply-chain attack uncovered in 2020, which hit multiple US government agencies as well as high-profile corporations, including Microsoft.
Tom Burt, Microsoft Corporate Vice President, Customer Security & Trust, is warning in a blog post that the group is once again active, and is targeting companies that provide cloud services.
Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers. We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.
Burt warns that Nobelium has already been extremely active in 2021:
These attacks have been a part of a larger wave of Nobelium activities this summer. In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits. By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.
The sharply increased rate of attacks suggests that Russia is working to establish a long-term foothold in cloud infrastructure platforms, and, as Burt notes, the target this time is the access that service providers hold into their customers' environments.
This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.
The revelation is further evidence that companies and organizations of all sizes need strong, comprehensive security policies, including scrutiny of the access they grant to resellers and other technology partners, and should build their products with a security-first mindset.