The SolarWinds hacker is back and has the global IT supply chain in its crosshairs

This new offensive from the hacker group backed by Russia uses traditional methods like phishing to gain long-term access.

Nobelium, the Russian nation-state actor behind the infamous SolarWinds cyber-attack that targeted several United States government agencies and firms like Microsoft, is now targeting the global IT supply chain, Microsoft said in a blog post.

Tom Burt, Corporate Vice President of Customer Security and Trust at Microsoft said that Nobelium has been trying to replicate the approach it used in past attacks by targeting organisations integral to the global IT supply chain. “This time it is attacking a different part of the supply chain: resellers and other technology providers that customise, deploy and manage cloud services and other technologies on behalf of their customers,” Burt said.

We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers — Tom Burt, Microsoft

Background: In 2020, Reuters first reported that SolarWinds, a major US information technology firm, was the victim of a hack that spread to over 15,000 of its clients and went undetected for months. The hack affected cybersecurity firms like FireEye and various departments of the US government, including the Department of Homeland Security and the Treasury Department, a BusinessInsider report said.

Such was the fallout of the hack that in April 2021, the US government decided that it would sanction Russia as a response to the SolarWinds cyber attack. A White House order directed the government to expel 10 diplomats and place a new range of sanctions on Russian individuals and assets.

State-sponsored cyber-attacks are a reality today, not just in the United States but closer to home in India: it was reported last year by India Today and the Times of India that power substations in Maharashtra and Telangana were attacked by Chinese hackers. These attacks on critical infrastructure indicate a paradigm shift in modern warfare. They warrant a massive overhaul of a country’s cyber defence capabilities and more transparency in the process.


Microsoft first observed the new Nobelium campaign in May

Since it started noticing instances of Nobelium’s new campaign, Microsoft said that it has been notifying impacted partners and customers.

  • Microsoft said it has notified more than 140 resellers and technology providers
  • 14 of these resellers and service providers have been compromised, the company added.

Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful — Tom Burt, Microsoft

What does this attack indicate?

Microsoft said that this attack is an indicator that Russia was trying to gain “long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian government”.

Nobelium used traditional techniques to steal credentials: The company said that Nobelium did not exploit a flaw or vulnerability in software but used techniques such as password spraying and phishing to steal legitimate credentials and gain privileged access.

What has Microsoft, a Nobelium victim, done to protect itself from the actor?

In September 2020, we updated contracts with our resellers to expand Microsoft’s abilities and rights to address reseller security incidents and to require that resellers implement specific security protections for their environments, such as restricting Partner Portal access and requiring that resellers enable multi-factor authentication (MFA) in accessing our cloud portals and underlying services[…] — Tom Burt, Microsoft

Apart from that, Microsoft said it was —

  • Piloting new features for organisations that want to provide privileged access to resellers
  • Piloting new monitoring features so that customers can manage and audit delegated accounts
  • Auditing unused privileged accounts and working with partners to remove unnecessary privilege and access

Nobelium also stole data on US sanctions policy

Months after the US announced that it would sanction Russia as a response to the SolarWinds attack, Reuters reported that Nobelium had hacked into US government systems and obtained information on counter-intelligence investigations, policy on sanctioning Russian individuals, and more.

Quoting an anonymous source, the Reuters report said, “the exposure of counter-intelligence matters being pursued against Russia was the worst of the losses.”


This was also echoed in an annual threat review paper released by Microsoft in October 2021, which said that Russian spies were allegedly looking for US government material on sanctions and other Russia-related policies, along with methods deployed by the US to catch Russian hackers.

Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India
© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ