has exposed new attacks by the SolarWinds hackers. The group called Nobelium is said to have recently targeted at least 140 resellers and technology service providers in global IT supply chains.
According to a security warning from Microsoft, the Russia-based Advanced Persistent Threat (APT) group has now switched to software and cloud service resellers in order to “take advantage of any direct reseller access to their customers’ IT systems”. The latest Nobelium campaign was discovered in May this year and affects no fewer than 140 companies. A total of 14 cases of compromise were confirmed.
Nobelium was responsible for the SolarWinds breach reported by Microsoft and FireEye (now Mandiant) in December 2020. The hackers managed to break into SolarWinds systems and infect an update for the Orion software with malware. The infected update was later distributed to around 18,000 customers, including Microsoft and FireEye as well as the Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA) and the US Treasury Department.
“These recent activities are further evidence that Russia is seeking long-term and systematic access to a variety of points in the technology supply chain and a mechanism to monitor – now or in the future – targets that are of interest to the Russian government,” said Microsoft. “Fortunately, we spotted this campaign at an early stage, and we’re sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to ensure Nobelium isn’t even more successful.”