The latest assault has been underway since at least May, according to MSTIC, with Nobelium employing a “diverse and changing toolkit that contains” several methods.
Microsoft said Monday that the Russian-backed hacking group that carried out the massive SolarWinds cyberattacks last year is responsible for a new and continuing assault.
The Nobelium group attempted to infiltrate “the governments, think tanks, and other businesses they serve” through their cloud computing services and other IT services.
The Senate Select Committee on Intelligence released a report in January detailing an ongoing cyberattack against the US government dating back to 2013 that is being conducted by.”
“It appears the SolarWinds Russia-connected hackers who were active in last year’s assault are back on the prowl for sensitive information and stepping up supply chain assaults across the board,” Dan Ives of Wedbush Securities wrote in a note to investors.
In response to allegations that Russia carried out the SolarWinds attack, the United States imposed sanctions in April. It also expelled Russian diplomats in protest of Russia's alleged role in the SolarWinds assault, election interference, and other hostile actions.
The most recent assault, MSTIC claims, has been going on since at least May, with Nobelium employing a “diverse and dynamic toolkit that includes sophisticated malware.”
Crucial links in the supply chain
“Nobelium has been attempting to replicate the method it employed in previous assaults by targeting organizations linked to the global IT supply chain,” Microsoft vice president Tom Burt stated in a blog entry posted late Sunday.
Burt also mentioned another area in which Nobelium is investing: “resellers,” or firms that modify Microsoft’s cloud computing offerings for commercial and other organizations.
“We have contacted more than 140 resellers and technology service providers that Nobelium targeted since May,” he added.
“We’re still looking into it, but we believe as many as fourteen of these resellers and service providers have been hacked.”
Microsoft said it had contacted all known targets of the most recent assault. While it didn’t name any of the organizations affected, it did say they were “victims of interest for intelligence gain.”
The software firm urged its customers to double-check their security processes, utilizing multi-factor authentication where feasible.
SolarWinds began tracking the gang’s activities after capturing at least six high-profile targets in a single day in August, including Bertelsmann SE and The Financial Times. In October, Nobelium resurfaced after SolarWinds discovered a resurgence of attacks on government agencies, think tanks, consultants, and other organizations.
The number of attacks is increasing, according to Burt. Microsoft has informed more than 600 customers of nearly 23,000 attempted intrusions this year.
While the success rate was “in the low single digits,” these figures compare to “attacks from all nation-state actors 20,500 times during the previous three years.”
The past year has seen a slew of high-profile cyberattacks with significant consequences, as businesses are increasingly unable to operate when their online infrastructure is hacked.