According to a Microsoft blog post published overnight Monday, the Russian hacking group Nobelium has been relentlessly targeting cloud service companies since the summer. Microsoft says this is part of a larger effort to disrupt the global technology supply chain.
“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers,” Microsoft Corporate Vice President of Customer Security and Trust Tom Burt said in the blog post.
Microsoft went on to say the cloud hacking campaign began back in May. The company said it has “been notifying impacted partners and customers while also developing new technical assistance and guidance for the reseller community”.
“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” Burt said. “We continue to investigate, but to date, we believe as many as 14 of these resellers and service providers have been compromised.”
The Biden administration downplayed the Microsoft blog post on cloud hacking. A U.S. government official briefed on the issue, who spoke to The Associated Press on the condition of anonymity, noted, “the activities described were unsophisticated password spray and phishing, run-of-the-mill operations for the purpose of surveillance that we already know are attempted every day by Russia and other foreign governments”. In a press gaggle aboard Air Force One, Deputy Press Secretary Karine Jean-Pierre added, “You can prevent these attempts if the cloud service providers implement baseline cybersecurity practices, including multifactor authentication”.
Nobelium is widely known for being responsible for the cyberattacks targeting SolarWinds customers in 2020. According to a Microsoft report published earlier this month, “Nobelium, and its aggressive targeting of IT service providers and Western government institutions, catapulted Russia to the top spot for countries where attacks originated” from July of 2020 to June of 2021.
Since then, “we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits,” Burt said in Monday’s blog post. “By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.”