Microsoft Says Russia-Backed Group Behind SolarWinds Hack Targets Technology Supply Chain


The SolarWinds Corp. logo is seen on a sign at the company's headquarters in Texas (file photo)

Microsoft says the Russia-backed hacking group behind last year’s massive SolarWinds cyberattacks on U.S. government agencies and other institutions continues to target the global technology supply chain.

In a blog post dated October 24, the tech giant said that Russian nation-state actor Nobelium has been attacking cloud service resellers and other technology service providers in the hope that it can “piggyback” on their access to their downstream customers. Resellers are intermediaries between software and hardware makers and product users.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” Microsoft said.

Since the attacks were first noticed in May, 140 resellers and technology service providers were targeted, with as many as 14 believed to have been compromised, Microsoft said. These attacks continued with a larger wave over the summer, impacting 609 customers with a success rate in the low single digits.

“Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful,” Microsoft said.

The New York Times quoted a senior administration official as saying the latest attacks were “unsophisticated, run-of-the mill operations that could have been prevented if the cloud service providers had implemented baseline cybersecurity practices.”

Earlier this month Microsoft said in a report that Nobelium was responsible for a majority of all nation-state cyberattacks over the past year. Most of the attacks targeted governments, nongovernmental organizations, and think tanks in the United States, Ukraine, and Britain.

The White House previously blamed the SolarWinds attack on Russia’s SVR foreign intelligence agency, which managed to use Nobelium to go undetected for most of 2020 as the hackers compromised several federal agencies. The Russian government has denied any involvement.

    RFE/RL

    RFE/RL journalists report the news in 27 languages in 23 countries where a free press is banned by the government or not fully established. We provide what many people cannot get locally: uncensored news, responsible discussion, and open debate.
