Microsoft executives warned on Monday that hackers who targeted Solarwinds’ software in recent months are now attempting to target the global IT supply chain.
Starting in May of this year, Nobelium, a hacking group allegedly linked to the Russian government, is now “targeting organizations integral to the global IT supply chain” by replicating the approach it used in past hacks, including the breach of Solarwinds, according to Microsoft executive Tom Burt in a blog post.
“This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” Burt wrote. “We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.”
Burt said that the hackers are using phishing emails and a technique known as password spray, which involves typing commonly used passwords like “password1” or “1234” on key accounts.
But according to Burt, Microsoft has “fortunately” found the alleged campaign “during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful.”
Some 140 resellers and technology service providers were targeted so far by the campaign, according to the operating system provider. About 14 of those have been compromised, Microsoft added, without providing more details.
Cybersecurity firm Mandiant said Monday that it had discovered Nobelium’s victims in both Europe and North America.
“It shifts the initial intrusion away from the ultimate targets, which in some situations are organizations with more mature cyber defenses, to smaller technology partners with less mature cyber defenses,” Mandiant Chief Technology Officer Charles Carmakal said in a statement.
The Epoch Times has contacted the Russian embassy for comment.
Russian presidential spokesman Dmitry Peskov has rejected previous hacking accusations, namely media reports saying the Kremlin was involved in the SolarWinds breach that targeted a number of federal agencies.
“Even if it is true there have been some attacks over many months and the Americans managed to do nothing about them, possibly it is wrong to groundlessly blame Russians right away,” he told the TASS news agency several months ago. “We have nothing to do with this.”
Should U.S. government officials repeat Microsoft’s assertions, it will surely further strain ties between the Biden administration and Moscow. Earlier this year, the White House carried out sanctions against several Russian government officials and businesses, which came as President Joe Biden agreed with the claim by an ABC News anchor that Russian President Vladimir Putin is “a killer.”