Russian Hackers Behind SolarWinds Attack Are Targeting The Supply Chain, Microsoft Says

The same group of Russian hackers behind the December 2020 SolarWinds attack are targeting companies in the U.S. technology supply chain, according to a Monday report released by Microsoft.

Russian hacking group Nobelium is targeting cloud infrastructure companies and information technology software resellers in an attempt to gain access to these companies’ customers, according to Microsoft’s research. Microsoft believes Nobelium to be the same group responsible for the SolarWinds hack in late 2020 that affected multiple Cabinet-level agencies, federal contractors and critical infrastructure companies.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” Tom Burt, Microsoft’s vice president for customer security and trust, wrote in the report.

The hackers used rudimentary techniques including “phishing,” in which a hacker tries to trick an individual into revealing login credentials or sensitive information, as well as brute force methods such as guessing passwords, according to the report. Microsoft said it had observed a drastic increase in these attacks over the past few months.

“[B]etween July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits,” Burt wrote. “By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.”

Microsoft said it had discovered the hacking campaign in its early stages, and believed up to 14 companies were compromised.

The findings threaten an agreement between Russian President Vladimir Putin and President Joe Biden to begin working together on ending cyber hostilities. Biden has highlighted the threat of cyber attacks originating from Russia and promised sanctions if they continue, warning that state-sponsored hacking was the most likely reason for the U.S. to engage in a “real shooting war.”

The president has also prioritized strengthening American cyber defenses, convening a summit with executives from major technology companies in August and investing in protecting critical infrastructure from hackers.

The White House National Security Council did not immediately respond to the Daily Caller News Foundation’s request for comment.