Date: 2021-10-26
The Russian nation-state actor behind the SolarWinds cyberattack is at it again: Microsoft
Russian nation-state actor Nobelium targets cloud service and technology providers “who customize, deploy and manage” services for customers, Microsoft said.
“We believe that Nobelium ultimately hopes to graft onto any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers,” the report says.
The SolarWinds intrusion involved software from the company, which makes IT management tools, that had been tampered with or “trojanized” with a vulnerability that hackers could exploit to steal information, manipulate systems or install traps and other exploits for future use.
The hack even compromised emails from former Acting Homeland Security Secretary Chad Wolf, according to three sources familiar with the matter.
As of May 2021, Microsoft said it had notified 140 resellers and technology service providers it said had been targeted by Nobelium, of which 14 were compromised.
Microsoft said the attacks were part of a larger pattern of the group’s activity: Between July 1 and October 19, it informed 609 customers that they had been targeted by Nobelium.
“This recent activity is another indicator that Russia is trying to gain systematic long-term access to various points in the technology supply chain and establish a mechanism to monitor – now or in the future – targets of interest to the Russian government,” Microsoft said.
The alleged activity also comes as President Joe Biden has warned Russia that these types of cyber attacks will not be tolerated.
The White House on Monday refused to explicitly confirm Microsoft’s claim that the same players behind the SolarWinds breach are now attacking the global supply chain.
But when asked about this by ABC News, the White House’s deputy senior press secretary, Karine Jean-Pierre, did not dispute the Microsoft account. She even repeated some of the company’s claims, but referred questions about the details to the company – and said more generally that the United States was “aggressively using our authorities to protect the nation from cyber threats.”
“Generally speaking,” she said, “the federal government is aggressively using our authorities to protect the nation from cyber threats, including helping the private sector defend itself through increased intelligence sharing, innovative partnership to deploy cybersecurity technologies, to bilateral and multilateral diplomacy and measures we do not speak of for public reasons or national security.”
Javed Ali, the former director of counterterrorism at the National Security Council, told ABC News that the campaign was a continuation of Russia’s aggressive cyber operations “using state-backed security services.”
“This operation also raises a host of questions about the limits of the Biden administration’s approach to Russia, which appears to include a combination of carrots and sticks to prevent, punish and deter similar attacks,” Ali said.
The Biden administration has taken several measures in an attempt to mitigate cyber attacks, such as decrees strengthening cybersecurity cooperation with the public sector and sanctions against Russian government officials or criminal groups responsible for the cyber attacks.
“Critics of this approach will say that the Russian government continues to operate with impunity in cyberspace and that the United States has not imposed the right level of costs to deter future activities,” said Ali, who was also a senior FBI and DHS official. “It remains to be seen whether the Biden administration is prepared to move on to even more aggressive measures given other geopolitical risks and concerns about Russian activity.”
White House spokeswoman Jean-Pierre appeared to downplay the alleged Russian disregard for Biden’s actions.
“According to Microsoft, the activities described were unsophisticated password spraying and phishing attempts for surveillance purposes which experts say have been attempted every day by Russia and other foreign governments for years,” she said. “You can prevent these attempts if cloud service providers implement basic cybersecurity practices, including multi-factor authentication.”
ABC News contacted the Russian Embassy for comment, but did not receive an immediate response.
ABC News’s Ben Gittleson contributed to this report.
