The Russia-based agency behind last year’s massive SolarWinds cyberattack has tried to hack another 140 tech companies, its latest intrusion into US cyber infrastructure.
Microsoft says that Nobelium’s latest hack targeted ‘resellers and other technology service providers that customize, deploy and manage cloud services.’ Fourteen firms successfully had their defenses breached, although they haven’t been named, and further information on the nature of the hacks have not been shared.
The goal of Nobelium, which is widely-believed to be working for Russia’s SVR intelligence agency, is to impersonate the technology companies and gain access to their downstream customers.
The move would target any company that uses the products and services of the companies that were attacked.
Only 14 of the resellers and service providers have been compromised in this latest round, Microsoft said as it continues to investigate the scope of the breach.
US cybersecurity officials could not be immediately reached to confirm the report.
US officials confirmed to the New York Times that the operation was underway.
One unnamed senior administration official called it an ‘unsophisticated, run-of-the mill operations that could have been prevented if the cloud service providers had implemented baseline cybersecurity practices.’
Nobelium did not appear to exploit any software vulnerabilities and instead focused on a tried-and-true method of stealing legitimate login credentials to privileged access, Microsoft notes.
In its blog post, Microsoft wrote: ‘This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.’
The SolarWinds attack hurt an estimated 18,000 SolarWinds customers who downloaded compromised software updates. The updates allowed the alleged Russian hackers to access their servers, though the explicit intent of the breaches is not yet known.
The breach went on to expose the information of at least nine US federal agencies.