Loading...

Microsoft Says Russian Hackers Again Target Global Supply Chain

October 26, 2021 by Tom Ramstack
Microsoft Says Russian Hackers Again Target Global Supply Chain
In this Jan. 28, 2020, photo, a Microsoft computer is among items displayed at a Microsoft store in suburban Boston. (AP Photo/Steven Senne)

WASHINGTON — Microsoft announced Monday that the same hackers who tapped into U.S. government computers in the 2020 SolarWinds cyberattack continue to attack the global supply chain but with a slightly revamped strategy.

This time, the Russia-backed group Microsoft calls Nobelium is piggybacking onto the software of cloud service reseller companies in an apparent attempt to break into their customers’ information technology systems.

Microsoft said in a statement that Nobelium secretly inserts spying software into the resellers’ systems to “more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.”

Microsoft officials do not yet have an assessment of how much damage Nobelium has done.

“Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful,” Microsoft vice president Tom Burt said in a blog post.

Resellers act as intermediaries in computer system distribution by purchasing software or hardware from manufacturers or wholesalers, selling it to customers and managing their accounts. The customers necessarily put a high degree of trust in their services.

Microsoft said that since May, it has notified more than 140 companies that they were targets of the Nobelium attacks. Fourteen of them are likely to have had their systems hacked.

The latest attack bears similarities to the 2020 SolarWinds attack for the way it embeds spyware into what appears to be legitimate software products.

The SolarWinds attack found a weakness in a popular cybersecurity program that allowed it to spy on government and corporate computers globally.

In the United States, the U.S. departments of Treasury, Commerce and Homeland Security all reported being hacked. Internationally, the victims included the North Atlantic Treaty Organization, the European Parliament, the United Kingdom’s Defense Ministry and pharmaceutical giant AstraZeneca.

So far, the U.S. government is downplaying the importance of the attack Microsoft announced Monday, describing it as a routine password spray and phishing attack.

However, Microsoft indicated it might be more serious. The company has notified more than 600 of its customers that it recorded 22,868 Nobelium attacks on their systems.

Although their success rate is small, Microsoft described the attack as the largest it had seen from a single country in years. Microsoft also left no doubt the Russian government was suspected.

“Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” the Microsoft blog post said.

The U.S. government blamed Russia’s SVR foreign intelligence agency for the SolarWinds attack. Its apparent motive was to help Russia gain global supply chain secrets that could give it an economic advantage using other organizations’ technology.

The Microsoft announcement adds another chapter to increasing friction between the United States and Russia over cyberattacks.

President Joe Biden has personally warned Russian President Vladimir Putin to stop the attacks but State Department officials say they see no evidence he has made an effort.

Biden warned Putin after the May 2021 Colonial Pipeline ransomware attack on the pipeline that carries gas and jet fuel from Houston to the Southeastern United States. The Russian hackers demanded $4.4 million in bitcoin before they would release their block on the oil company’s software.

Colonial Pipeline paid the ransom but the pipeline was shut down for five days.

Tom can be reached at tom@thewellnews.com.

In The News

May 25, 2022
by Tom Ramstack
Assurances on Resolving Baby Formula Shortage Met With Suspicion in Congress

WASHINGTON — Lawmakers at a congressional hearing Wednesday were skeptical of assurances by government regulators and manufacturers that they can... Read More

WASHINGTON — Lawmakers at a congressional hearing Wednesday were skeptical of assurances by government regulators and manufacturers that they can resolve the nation’s shortage of baby formula promptly. They described the problems they observed as part of a bigger trend that requires long-term solutions. “This presents... Read More

May 25, 2022
by Dan McCue
Sergeant-at-Arms: Capitol Complex Should Largely Be Gun-Free Zone

WASHINGTON — Loaded firearms have no place in the U.S. Capitol or on its grounds, unless they are in the... Read More

WASHINGTON — Loaded firearms have no place in the U.S. Capitol or on its grounds, unless they are in the hands of trained and authorized law enforcement personnel, the House sergeant-at-arms said on Wednesday. William J. Walker’s unambiguous statement came in a letter to House Majority... Read More

May 25, 2022
by Alexa Hornbeck
Removal of a DEA Training Requirement Would Eliminate Treatment Barriers for OUD Providers

WASHINGTON — The House Committee on Energy and Commerce recently voted to advance provisions of two bills which would eliminate... Read More

WASHINGTON — The House Committee on Energy and Commerce recently voted to advance provisions of two bills which would eliminate special DEA licensing and expand baseline education for treatment providers who prescribe buprenorphine — a medication approved by the Food and Drug Administration to treat those... Read More

May 25, 2022
by Alexa Hornbeck
Global Monkeypox Outbreak Calls for Action From WHO Leaders

GENEVA, Switzerland — The World Health Organization reported that as of May 21 more than 92 monkeypox cases have been... Read More

GENEVA, Switzerland — The World Health Organization reported that as of May 21 more than 92 monkeypox cases have been confirmed, and 28 suspected cases are under investigation within 12 member states that are not endemic for monkeypox virus. “Monkeypox is not a new disease, it’s... Read More

May 25, 2022
by Dan McCue
Schumer Says Fast Action on Gun Control Unlikely

WASHINGTON — Senate Majority Leader Chuck Schumer, D-N.Y., is telling colleagues that there won’t be a rush to bring new... Read More

WASHINGTON — Senate Majority Leader Chuck Schumer, D-N.Y., is telling colleagues that there won’t be a rush to bring new gun-control legislation to the floor in the wake of mass shootings in Buffalo, New York, and Uvalde, Texas, in recent days. Speaking on the Senate floor... Read More

May 25, 2022
by Dan McCue
4th Circuit Rules Civil War Era Amnesty Rule Does Not Apply to Later Insurrectionists

RICHMOND, Va. — A federal appeals court has ruled that the protections inscribed in an amnesty law passed in the... Read More

RICHMOND, Va. — A federal appeals court has ruled that the protections inscribed in an amnesty law passed in the aftermath of the Civil War do not apply to other insurrectionists. Tuesday’s ruling by the 4th U.S. Circuit Court of Appeals on the limits of the... Read More

News From The Well