Russia-based hackers who attacked SolarWinds are targeting government agencies, think tanks and more in a fresh campaign, Microsoft warns
Kremlin-backed hackers who targeted SolarWinds customers in a supply chain attack last year have launched a fresh cyber offensive.
This is the warning from Microsoft, which calls the Russia-backed hackers Nobelium, a hacking group also known as APT29, Cozy Bear, and the Dukes.
Nobelium hackers are targeting government agencies, think tanks and non-governmental organizations, Microsoft warned in a blog post.
Nobelium launched the current attacks after accessing an email marketing service used by the United States Agency for International Development, or USAID, according to Microsoft.
“This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations,” wrote the company’s VP for security and customer confidence, Tom Burt.
“The wave of these attacks targeted approximately 3,000 email accounts in more than 150 different organizations,” Burt wrote. “While organizations in the United States received the largest share of attacks, targeted victims reach at least 24 countries. At least a quarter of targeted organizations are involved in international development, humanitarian, and human rights work.”
“Nobelium, which originated in Russia, was the same actor behind the attacks on SolarWinds customers in 2020,” he added. “These attacks seem to be a continuation of Nobelium’s many efforts to target government agencies involved in foreign policy as part of the intelligence-gathering effort.”
“Many of the attacks that target our customers are automatically blocked, and Windows Defender prevents malware involved in this attack,” Burt said. “We’re also in the process of notifying all of our targeted customers.”
Burt said this fresh campaign is noteworthy for many reasons. It’s part of Nobelium’s playbook to gain access to trusted technology providers and infect their customers.
“By piggybacking on software updates and now email providers, Nobelium increases the chances of having collateral damage to intelligence operations and undermines confidence in the technology ecosystem,” he wrote.
The second striking point is that Nobelium seems to target organizations of interest to Russia and its government.
“This time Nobelium has targeted a lot of human rights and humanitarian organizations,” Burt said. “At the height of the Covid-19 pandemic, Russian actor Strontium targeted health organizations involved in vaccines. In 2019, Strontium targeted sports and political organizations. And we previously disclosed Strontium’s activity and other actors targeting major elections in the U.S. and elsewhere.”
“This is another example of how cyberattacks have become the tool of choice for a growing number of nation states to achieve various political goals, with the focus of these Nobelium attacks on human rights and humanitarian organizations,” Burt said.
The third point, Burt said, is that nation-state cyberattacks are not slowing down, and clear policies are needed for “managing nation-state behavior in cyberspace and clearly anticipating the consequences for violating those policies.”
Microsoft’s Burt did not say which or how many of Strontium’s attempts were successful.
Nobelium is linked to Russia’s Foreign Intelligence Service (SVR), which the West blames for last year’s sophisticated SolarWinds hacking campaign.
Hackers inserted backdoor code into SolarWinds’ Orion platform in March of 2020 (or possibly earlier, according to a US senator) and used it to access the systems of at least half a dozen U.S. federal agencies, as well as potentially thousands of private companies, before the attack was discovered in December.
In March 2021 it was revealed that the SolarWinds hackers had already gained access to the U.S. head of the Department of Homeland Security and members of the department’s cybersecurity staff.
Russia’s Foreign Intelligence Service (SVR) director Sergei Naryshkin this month denied that Russia was behind the hacking, and in fact suggested that Western intelligence agencies actually carried it out.
But the former head of the NCSC, Ciaran Martin, has rubbished the comments from Naryshkin, pointing out that there was evidence that the tactics, techniques and tools used by the hackers matched “many years of SVR activity”.
British Foreign Secretary Dominic Raab earlier this month had a blunt message for Russia when he said that Russia cannot continue to adopt and host hackers targeting Western countries.