Microsoft: Russian hackers target cloud services
Microsoft said Monday the same Russia-backed hackers responsible for the 2020 SolarWinds breach continue to attack the global technology supply chain and have been relentlessly targeting cloud service companies and others since summer.
The group, which Microsoft calls Nobelium, has employed a new strategy to piggyback on the direct access that cloud service resellers have to their customers’ IT systems, hoping to “more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.” Resellers act as intermediaries between giant cloud companies and their ultimate customers, managing and customizing accounts.
“Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful,” said Tom Burt, a Microsoft vice president.
The Biden administration downplayed Microsoft’s announcement. A U.S. government official briefed on the issue who insisted on anonymity noted that “the activities described were unsophisticated password spray and phishing, runof-the mill operations for the purpose of surveillance that we already know are attempted every day by Russia and other foreign governments.” The Russian Embassy did not immediately reply to a request for comment.
U.S. and Russian ties have already been strained this year over a string of high-profile ransomware attacks against U.S. targets launched by Russia-based cyber gangs. President Joe Biden has warned Russian President Vladimir Putin to get him to crack down on ransomware criminals, but several officials have said recently that they have seen no evidence he’s doing that.