US tech giant Microsoft said the Russian-backed hacker responsible for the 2020 Solar Winds hack was still continuing its attacks on global technology systems, this time targeting hackers. reseller based service cloud.
According to Microsoft, the group, which calls themselves Nobelium, is using a new strategy to take advantage of the direct access that its users have reseller into their customers’ IT systems, and hopes to “more easily impersonate a trusted technology partner to gain access to their downstream customers.”
Reseller is the link between software and hardware manufacturers, as well as end users of technology products.
In a statement on Sunday (24/10), Microsoft said it had been monitoring the Nobelium attack since last May, and had notified more than 140 companies that were targeted by this group. Around 14 of the targeted company systems are suspected to have experienced disturbances.
“Recent activity is another indication that Russia is seeking to achieve long-term, systematic access to various points in the technology supply chain, and is seeking to establish mechanisms to scout, in the current and future periods, the targets of interest by the Russian government, ” said a statement written by Microsoft.
“Fortunately, we caught sight of this campaign in its early stages, and we are sharing these developments to help the reseller service cloud, technology suppliers, and their customers so that they can take steps to ensure that Nobelium does not succeed,” Microsoft said.
Charles Carmakal, who is senior vice president and chief technology executive at Mandiant’s cybersecurity business, said this attack was different from the attack on SolarWinds which used fake code embedded into the software. The attack this time involved “using stolen identities” to gain access to the system. [jm/lt]