Microsoft is warning that it has seen Nobelium – the Russian nation-state threat group responsible for the SolarWinds software supply chain hack – trying to recreate the same approach that allowed it to gain access to Federal government systems, according to an Oct. 24 blog post from the company.
Microsoft warned that since May 2021, the company has notified 609 customers that Nobelium has targeted them 22,868 times – representing an uptick in attack rates since July. Fortunately, the success rate of this spate of attacks has been in the single digits.
“Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain,” Tom Burt, corporate vice president for Customer Security and Trust, wrote. “This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers.”
Microsoft said the company has specifically told 140 resellers and technology service providers that they have been Nobelium targets, with up to 14 potentially compromised.
“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers,” Burt wrote.
The increased attack rate by Nobelium has been dramatic. The company said that in the three years prior to July 1, 2021, it had notified customers about nation-state actors 20,500 times – which is less than the number of warnings issued from this July through October 19.
Microsoft released additional technical guidance, along with guidance for partners, on how to protect against the intrusions, but said the most common techniques the group is using are phishing and password spraying.
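Password spraying, one of the two techniques named above, leaves a distinctive trace in sign-in logs: one source tries a small number of passwords against many different accounts, so each account sees only one or two failures while the source accumulates failures across dozens of accounts. The following is an added example, not code from Microsoft or from the article, showing how a defender can pick that pattern out of authentication logs. The log format, the sample events, the account names and the thresholds (five distinct accounts within thirty minutes, at most two failures per account) are all constructed assumptions for illustration.

```python
"""Password-spray detection over constructed sign-in events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log lines, not real data:
# timestamp, account, source IP, result.
SAMPLE_LOG = """\
2021-10-20T09:00:01Z alice@example.test 203.0.113.10 FAILURE
2021-10-20T09:00:07Z bob@example.test 203.0.113.10 FAILURE
2021-10-20T09:00:13Z carol@example.test 203.0.113.10 FAILURE
2021-10-20T09:00:20Z dave@example.test 203.0.113.10 FAILURE
2021-10-20T09:00:26Z erin@example.test 203.0.113.10 FAILURE
2021-10-20T09:00:33Z frank@example.test 203.0.113.10 SUCCESS
2021-10-20T09:05:00Z alice@example.test 198.51.100.7 FAILURE
2021-10-20T09:05:30Z alice@example.test 198.51.100.7 FAILURE
2021-10-20T09:06:00Z alice@example.test 198.51.100.7 SUCCESS
2021-10-20T12:00:00Z bob@example.test 192.0.2.44 FAILURE
"""


def parse_events(text):
    """Parse the whitespace-separated sample format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user.lower(),
            "ip": ip,
            "failed": result == "FAILURE",
        })
    return events


def detect_password_spray(events, min_accounts=5,
                          window=timedelta(minutes=30), max_per_account=2):
    """Return {source_ip: sorted distinct accounts} for every source that
    failed against at least min_accounts distinct accounts inside one
    window while never exceeding max_per_account failures per account.
    The per-account cap is what separates a spray from a brute-force run
    against a single account, which classic lockout policies already catch."""
    failures_by_ip = defaultdict(list)
    for event in events:
        if event["failed"]:
            failures_by_ip[event["ip"]].append(event)

    hits = {}
    for ip, fails in failures_by_ip.items():
        fails.sort(key=lambda e: e["time"])
        for i, start in enumerate(fails):
            # Sliding window anchored on each failure in turn.
            in_window = [e for e in fails[i:]
                         if e["time"] - start["time"] <= window]
            per_account = defaultdict(int)
            for event in in_window:
                per_account[event["user"]] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                hits[ip] = sorted(per_account)
                break
    return hits


def successes_from_flagged_sources(events, hits):
    """Accounts that signed in successfully from a flagged source: the
    first thing to review, since these are the sprayed passwords that worked."""
    return sorted({e["user"] for e in events
                   if e["ip"] in hits and not e["failed"]})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    found = detect_password_spray(evs)
    for ip, accounts in found.items():
        print(f"possible password spray from {ip}: "
              f"{len(accounts)} accounts {accounts}")
    print("successful sign-ins from flagged sources:",
          successes_from_flagged_sources(evs, found))
```

In the constructed sample, 203.0.113.10 is flagged (five accounts, one failure each), while 198.51.100.7 is not: its two failures all hit the same account, which is a lockout case rather than a spray. The success for frank@example.test from the flagged source is the account to investigate first. In production the same logic runs over the identity provider's sign-in export, and the thresholds should be tuned against a baseline of normal failure rates before alerting on them.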
President Biden released his cybersecurity executive order in May, in part, as a response to the SolarWinds Orion attack. Microsoft pointed to that order, along with increased information sharing and coordination, as a major reason that the organization is in such good shape to defend against the potential intrusions.