Hackers continue to work with Russian support.
Even after U.S. President Joe Biden is imposing sanctions on financial institutions from Russia, state-sponsored cyberattacks continue to harass U.S. cloud infrastructure, Microsoft reported in a recent blog post. While the software company has not yet revealed the details of these attacks, it has reported over 22,000 attacks between July 1 and October 19 this year, providing a measure of activity targeting cloud infrastructure in the U.S.
Last year, almost 100 companies and nine federal agencies were successfully ‘compromised’ by sophisticated cyber-attacks which were later termed as ‘SolarWinds.’ Investigations revealed that these attacks that originated in Russia were carried out by a state-sponsored actor, Nobelium, which is part of the foreign intelligence service called SVR.
In the blog post, Microsoft Vice President of Customer Security and Trust, Tom Burt, has revealed that Nobelium is now attacking different parts of the global IT supply chain, cloud service resellers, and other technology providers. A few months ago, we had reported how a ransomware attack on one such provider had a domino effect that hit hundreds of businesses in 17 countries.
Burt further elaborated in the blog post that as many as 140 such resellers have been targeted since May this year and 14 of them may have been compromised. By managing to penetrate the systems of these service providers, Nobelium is hoping to gain access to networks of their downstream customers as well, Microsoft blog post said. By doing so, Russia is looking to gain ‘systematic and long-term access’ in the technology supply chain and may use it for surveillance, either now or in the future.
While clarifying that the cyberattacks were not facilitated by vulnerabilities in software but attempted through basic hacking methods like ‘password sprays and phishing,’ to gain access. The company has recorded 22,868 instances of such attacks between July 1 and October 19 this year but with very little success. However, the intensity of the attacks has increased since only 20,500 attacks were recorded in the previous three years, prior to July 1, Burt said in the blog post.
Speaking to New York Times, a senior U.S. government official, called these attacks “unsophisticated, run-of-the-mill operations,” that could be prevented with baseline security measures. On its part, Microsoft is encouraging its resellers to implement security features and has also rolled out a technical document for organizations to protect themselves from Nobelium’s activity, the company said.
Even as Microsoft and the U.S. government agencies push for more security measures such as multi-factor authentication (MFA), there is opposition from corporations, NYT reported. Without sufficient defenses in place, another SolarWinds-like attack could be in the offing.