Microsoft says Russian group behind SolarWinds attack now targeting IT supply chain



The tech giant said the latest attacks were part of a “big wave” of activity going on since the summer


Microsoft warned Monday that the same Russian group behind the 2020 SolarWinds cyberattack is attempting to “replicate” its approach by targeting organizations “integral” to the global IT supply chain, specifically resellers and technology service providers.

Tom Burt, Microsoft’s corporate vice president of customer protection and trust, shared the “latest activity” the company has seen from Russian nation-state actor Nobelium. Burt, in a blog post, said that Nobelium was identified by the US government and others as part of Russia’s Foreign Intelligence Service, known as SVR.



“Nobelium is attempting to replicate the approach used in previous attacks by targeting organizations integral to the global IT supply chain,” Burt wrote. “This time, it is attacking a different part of the supply chain: resellers and other technology service providers who customize, deploy, and manage cloud services and other technologies on behalf of their customers.”


Burt said Microsoft believes that Nobelium hopes to “ultimately piggyback on any direct access the resellers have to their customers’ IT systems and the organization’s trusted technology partners to gain access to their downstream customers.”

Microsoft said it began observing Nobelium’s latest activity in May 2021, adding that it is “informing affected partners and customers, while also developing new technical support and guidance for the reseller community.”

“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” Burt wrote. “We continue to investigate, but to date we believe that 14 of these resellers and service providers have been compromised.”

Microsoft said it explored the campaign “during its early stages” and said it is sharing the details to help cloud service resellers, technology providers and customers “take timely steps to help ensure Nobelium is not more successful.”

Microsoft said attacks on this area of the global IT supply chain have been a part of a “big wave” of Nobelium activities over the summer.

Burt said that between July 1 and October 19, Microsoft informed 609 customers that they had been attacked by Nobelium 22,868 times, with success rates in the low single digits.

“By comparison, prior to July 1, 2021, we notified customers of 20,500 attacks by all nation-state actors in the past three years,” Burt wrote.

Microsoft warned, however, that the activity is “another indicator that Russia is trying to achieve long-term, systematic access to various points in the technology supply chain and establishing a mechanism to monitor — now or in the future — targets in the interest of the Russian government.”

Microsoft described the attacks, stating that they do not appear to be an attempt to “exploit any flaws or vulnerabilities in the software,” but rather to “use well-known techniques such as password spray and phishing to steal legitimate credentials and gain privileged access.” Microsoft said the company “can now provide actionable information that can be used to defend against this new approach.”

Microsoft said it is coordinating with others in the security community, and “working closely with government agencies in the US and Europe.”

“While we are clear that nation-states including Russia will not stop such attacks overnight, we continue to believe that steps such as the Cyber Security Executive Order in the US and greater coordination and information sharing between industry and government over the past two years are putting us all in a better position to defend against them,” Burt wrote.


Meanwhile, a senior administration official explained that the activities described by Microsoft were “sophisticated password spray and phishing attempts for surveillance purposes that cybersecurity experts say are attempted every day by Russia and other foreign governments and carried out over the years.”

The official said these kinds of efforts could be halted if cloud service providers implemented “baseline” cybersecurity practices, including multi-factor authentication — allowing users to authenticate their accounts with more than passwords.

“Broadly speaking, the federal government is aggressively using our officials to defend the nation from cyber threats, including increased intelligence sharing to the private sector, innovative partnerships to deploy cybersecurity technologies, bilateral and multilateral diplomacy, and measures we do not speak about publicly for national security reasons,” the official told Granthshala News.

Earlier this year, the Biden administration imposed sanctions on Russia for the SolarWinds computer hack, which began in 2020 when malicious code was included in an update to popular software that monitors computer networks of businesses and governments. Malware affecting a product made by the American company SolarWinds gave elite hackers remote access to an organization’s network to steal information.


Earlier this month, Biden hosted virtual meetings with more than 30 countries to “accelerate cooperation to combat ransomware,” but the White House did not extend an invitation to Russia, senior administration officials said. Officials noted that the United States and the Kremlin have a “separate channel” where they “actively” discuss the matter.

Officials said the president set up a US-Russia expert group for the US to engage “directly” on the ransomware issue.

“We look to the Russian government to address ransomware criminal activity coming from actors within Russia,” an official said, adding that the Biden administration has “shared information about criminal ransomware activity from its territory with Russia.”

“We have seen some steps by the Russian government, and would like to see follow-up actions, and broader international cooperation is an important line of effort, because these are international criminal organizations,” said an official, adding that “they take advantage of the global infrastructure and money laundering networks to carry out their attacks.”

Biden raised the issue of ransomware during his summit with Russian President Vladimir Putin in Geneva in June. At the time, Biden said he told Putin that “attacking some critical infrastructure should be out of bounds.” Biden said he defined “16 specific entities as critical infrastructure,” adding that it ranges from energy to water systems.

However, Putin denied during his press conference after the meeting that Russia was responsible for the cyber attacks and instead claimed that most cyber attacks in the world were from the US.

Also in the summer, the president signed a national security memorandum instructing his administration to develop cybersecurity performance targets for critical infrastructure in the United States – such as power utility companies, chemical plants and nuclear reactors.

Meanwhile, the National Counterintelligence and Security Center announced last week that it was prioritizing industry outreach efforts in the US technology sectors, where the stakes to US economic and national security are “potentially greatest,” and pointed to “nation-state dangers” from China and Russia.


The NCSC warned that the Kremlin is “targeting American progress through the employment of a variety of licensing and illegal technology transfer mechanisms to support national-level efforts, including its military and intelligence programs.”

NCSC officials warned that Russia is “looking to recruit talent” to “advance” its domestic research and development efforts and also pursue international scientific cooperation. The NCSC said, however, that their “resource constraints” have forced the Kremlin to focus on “indigenous” research and development efforts, such as Russian military applications of artificial intelligence.

The NCSC warns that Russia uses intelligence services, academia, joint ventures and business partnerships, talent recruitment, foreign investment, government-to-government agreements and more to acquire American technologies.

Granthshala Business’ Meghan Heaney contributed to this report.
