SolarWinds hackers are still attacking companies, Microsoft warns

Service providers can thwart these routine attacks with basic cybersecurity best practices such as MFA

Since May 2021, Nobelium, the threat actor behind last year’s widely-reported SolarWinds campaign, has been observed attacking organizations in the US and Europe, according to cybersecurity experts.

Tracking the movements of Nobelium, researchers from the Microsoft Threat Intelligence Center (MSTIC) share that the group is going after IT services organizations, including cloud service providers (CSP) and managed service providers (MSP), in a bid to gain access to their downstream customers.

“MSTIC assesses that NOBELIUM has launched a campaign against these organizations to exploit existing technical trust relationships between the provider organizations and the governments, think tanks, and other companies they serve,” shares MSTIC.

The researchers add that the latest observed activity bears the hallmarks of Nobelium’s compromise-one-to-compromise-many approach.

Not over yet

The SolarWinds hacking campaign, which went undetected for over a year, brought forth the risks of a software supply chain attack, where compromising an essential component could be used as a springboard for further attacks on a much wider scale.

After categorizing Nobelium as Russian state-sponsored threat actors, the US government imposed several financial sanctions on the country and also expelled about a dozen of its diplomats.

However, it seems Washington’s actions have had little impact on the Kremlin. Microsoft has reportedly observed Nobelium attack 609 companies some 22,868 times between July 1 and October 19 this year.

For comparison, this number represents more attacks than Microsoft observed from all government-linked hackers in the previous three years, Tom Burt, Microsoft’s corporate vice president for customer security and trust, told the Wall Street Journal.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain,” asserts Burt.

All in a day’s work

A US government official briefed on Microsoft’s findings told WSJ that the latest intrusion attempts appeared to be largely routine hacking attacks.

“Based on the details in Microsoft’s blog, the activities described were unsophisticated password spray and phishing, run-of-the-mill operations for the purpose of surveillance that we already know are attempted every day by Russia and other foreign governments,” the US government official told the WSJ.

The official added that the intrusion attempts “could have been prevented if the cloud service providers had implemented baseline cybersecurity practices, including multi-factor authentication (MFA).”

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
