Nobelium, the Russian hacking group responsible for several cyber-attacks, is-evidently- still at it. In a new espionage campaign, according to Microsoft, the Russian hackers responsible for the successful 2020 breach of US federal agencies have compromised as many as 14 technology companies since May. A different supply chain segment has been targeted this time. businesses that buy and distribute software and those that manage cloud computing are the targets this time. However, Microsoft made no mention of the names of the victim companies or the ultimate targets of the alleged Russian spies. However, Tom Burt, Microsoft Customer Security and Trust Team corporate vice president gave a warning in a blog about the new Russian Nobelium cyber-attack on Sunday.
After CNN reported it, the Russian hacking group had been attempting to infiltrate the US and European government networks using compromised technology vendors. It's the first time Microsoft has commented on the matter. In a statement, Tom Burt, Microsoft's corporate vice president of customer security and trust, said, "Russia is trying to establish long-term, systematic access to a variety of points in the current and future technology supply chain and a surveilling mechanism targets of interest to the Russian government." According to Microsoft, in an attempt to hack over a hundred software resellers and technology companies, the hackers employed common techniques such as phishing.
As per Burt, the ultimate goal of the hackers is to "impersonate an organization's trusted technology partner to gain access to downstream customers. This the latest development in the investigation; it has confounded the US and corporate defenses over the last two years. The hackers are known for hacking into nine US government agencies in December 2020. They tampered software developed by federal contractor SolarWinds to accomplish the hacking feat. Cybercriminals posing as agents of Russia's SVR intelligence service took advantage of a routine software update to inject malicious code into Orion's software, which they then used to their advantage. According to NPR, the number of customers who downloaded the code between March and June 2020, according to Sudhakar Ramakrishna, president and CEO of SolarWinds, was eighteen thousand. "If you take the 18,000 figure and sift through it, you will notice that the affected customers' actual number is significantly less. We have no precise figures at the moment. As part of its "seen and unseen." In response to the SolarWinds security breach, the Biden administration announced a slew of tough sanctions against Russia.
For months, the hackers remained undetected in the Departments of Justice, Homeland Security, and other government agencies unclassified email networks. A common accusation against Russian intelligence is that they cast a net of potential victims before sifting through in search of valuable targets. Microsoft says this happened in May, with hackers pretending to be from a US. Former US ambassador to Russia and anti-corruption activists in Ukraine were reportedly targets of the spying operation. According to Microsoft, three thousand email accounts at a variety of organizations, the majority of which were based in the United States, were targeted by the malware Nobelium.
In October, Rob Joyce, director of the National Security Agency's Cyber-security Directorate, published the Microsoft announcement on Twitter, urging organizations to follow the company's security recommendations. Previously, defense Secretary Lloyd Austin told CNN that the United States has "offensive options" for responding to cyber-attacks. Still, he did not specify what those options were or ways of implementing it. With revelations that hackers had injected malicious code into a SolarWinds tool, the United States government prioritized cyber-security. The Pipeline shut down due to a ransom-ware attack; it shifted attention to the entire issue, causing the most critical pieces of energy infrastructure in the United States to be shut down as a result.