SolarWinds attacker on the move: Russia's Nobelium crew has trebled attacks targeting MSPs, cloud resellers, says Microsoft
Russia's Nobelium group - fingered as being a Russian state actor by both the United States and Britain - has massively ramped up phishing and password spraying attempts against managed service providers and cloud resellers, Microsoft's security arm has warned.
The Windows maker said the group's targeted attacks against "resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers" had trebled over the past three months.
Nobelium has been identified by Microsoft and others as the organisation behind the infamous SolarWinds supply chain compromise, and linked to Russia's foreign intelligence.
During the three months between 1 July and 19 October this year, Microsoft said it had seen Nobelium make 22,868 attack attempts against MSP customers, contrasting that figure with 20,500 attacks "over the past three years." Redmond claimed that 609 customers were targeted in the latest burst of activity from the Russian state actor "with a success rate in the low single digits."
"This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling - now or in the future - targets of interest to the Russian government," wrote Microsoft corporate veep Tom Burt.
"Russia does not conduct offensive operations in the cyber domain," said an implausible statement published by Russia's US embassy in December 2020, long before the attack was attributed to the SVR. English-language statements from Russian political figures are usually intended to confuse and mislead Western audiences, the best guide to a country's government's intentions being its actions rather than its words.