The Russia-based agency behind last year's massive SolarWinds cyberattack has tried to hack another 140 tech companies, its latest int...
The Russia-based agency behind last year's massive SolarWinds cyberattack has tried to hack another 140 tech companies, its latest intrusion into US cyber infrastructure just months after the US expelled 10 diplomats over the last hack.
Microsoft says that Nobelium's latest hack targeted 'resellers and other technology service providers that customize, deploy and manage cloud services.' Fourteen firms successfully had their defenses breached, although they haven't been named, and further information on the nature of the hacks have not been shared.
The goal of Nobelium, which is widely-believed to be working for Russia's SVR intelligence agency, is to impersonate the technology companies and gain access to their downstream customers, Microsoft said in a blog post Monday.
The move would target any company that uses the products and services of the companies that were attacked.
In April, President Joe Biden expelled 10 Russian diplomats and sanctioned six companies after accusing the country of ordering last year's SolarWinds hacks. The president announced at the time that he'd backed off imposing harsher sanctions on Russia because he wanted to 'de-escalate' tensions with Vladimir Putin.
Microsoft said Monday that it's discovered a new round of hacks from Russia-backed Nobelium that targeted 140 cloud-computing companies in hopes of accessing their customers' data
Nobelium is believed to be working with Russia's SVR agency, the successor to the KGB, whose Moscow headquarters is pictured
In April, President Joe Biden expelled 10 Russian diplomats from the US and sanctioned six companies after last year's SolarWinds hack, which exposed nine US federal agencies
'I was clear with President Putin that we could have gone further, but I chose not to do so,' Biden said after calling the Russian president, according to the Associated Press.
'Now is the time to de-escalate.'
The sanctions barred US banks from buying Russian bonds from the Russian Central Bank, Russian National Wealth Fund and Finance Ministry, making it difficult for the country to raise money.
They sanctions package also included 32 sanctions on individuals believed to have worked with Russia to turn last year’s presidential election for Donald Trump.
Beginning in March 2020, Nobelium used the system management company SolarWinds, which runs the Orion platform, to gain access to the networks of Intel and Belkin and government agencies like the Treasury and Homeland Security departments, among other entities.
Russia has denied all involvement.
The latest attacks into different tech companies were part of a broader campaign over the summer, Microsoft said, adding it had notified 609 customers between July 1 and October 19 that they had been attacked.
Biden says he told President Vladimir Putin of Russia that 'we could have gone further, but I chose not to do so.' Russia has denied all involvement in the SolarWinds hack
The hack of SolarWinds, which runs IT management system Orion, hurt an estimated 18,000 SolarWinds customers who downloaded compromised software updates
Only 14 of the resellers and service providers have been compromised in this latest round, Microsoft said as it continues to investigate the scope of the breach.
US cybersecurity officials could not be immediately reached to confirm the report.
US officials confirmed to the New York Times that the operation was underway.
One unnamed senior administration official called it an 'unsophisticated, run-of-the mill operations that could have been prevented if the cloud service providers had implemented baseline cybersecurity practices.'
Nobelium did not appear to exploit any software vulnerabilities and instead focused on a tried-and-true method of stealing legitimate login credentials to privileged access, Microsoft notes.
In its blog post, Microsoft wrote: 'This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling - now or in the future - targets of interest to the Russian government.'
The SolarWinds attack hurt an estimated 18,000 SolarWinds customers who downloaded compromised software updates. The updates allowed the alleged Russian hackers to access their servers, though the explicit intent of the breaches is not yet known.
Washington-based Microsoft says the latest breach was not sophisticated and that it appeared to steal legitimate login credentials to gain access to the tech companies
The breach went on to expose the information of at least nine US federal agencies.
Chad Wolf, the acting head of the Department of Homeland Security during the Trump administration, had his emails accessed.
A second cabinet member, Dan Brouillette of the Energy Department, had his schedules compromised.
'The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS,' said Sen. Rob Portman of Ohio, the top Republican on the Senate's Homeland Security and Governmental Affairs Committee, earlier this year.
'We are talking about DHS's crown jewels.'
Microsoft says it has worked with companies that use its cloud services to prevent future attacks.
In September 2020, the Redmond, Washington-based company said it updated its customer contracts to expand Microsoft's ability to address security breaches.
It also required companies to use protections like multi-factor authentication when accessing their products, which are used by business to do everything from accounting to in-office communication.
In February of this year, Sen. Ron Wyden criticized Microsoft for knowing about the vulnerabilities and not acting soon enough.
'The federal government spends billions on Microsoft software,' Wyden told Reuters ahead of a SolarWinds hearing in the House of Representatives.
'It should be cautious about spending any more before we find out why the company didn’t warn the government about the hacking technique that the Russians used, which Microsoft had known about since at least 2017,' he said.
No comments