2021-10-26

Washington: The Russian hacking group behind last year's massive SolarWinds cyberattacks is now carrying out a new and ongoing assault against US and European targets, software giant Microsoft said on Monday. In a blog post published the same day, Microsoft's Threat Intelligence Center (MSTIC) identified the group as Nobelium and said it was attempting to gain access to customers of cloud computing services and other IT service providers in order to infiltrate "the governments, think tanks, and other companies they serve".

Describing the cyberattack as "nation-state activity", MSTIC wrote that it has "detected nation-state activity associated with the threat actor tracked as NOBELIUM, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations (referred to as 'service providers' for the rest of this blog) that have been granted administrative or privileged access by other organizations. The targeted activity has been observed against organizations based in the United States and across Europe since May 2021."

The blog further read, "MSTIC assessed that NOBELIUM has launched a campaign against these organizations to exploit existing technical trust relationships between the provider organizations and the governments, think tanks, and other companies they serve. NOBELIUM is the same actor behind the SolarWinds compromise in 2020, and this latest activity shares the hallmarks of the actor's compromise-one-to-compromise-many approach. Microsoft has notified known victims of these activities through our nation-state notification process and worked with them and other industry partners to expand our investigation, resulting in new insights and disruption of the threat actor throughout stages of this campaign."

SolarWinds is a Texas-based software company that was targeted last year by the group, which planted a backdoor in updates of its network-management software; with a customer base of around 300,000 organizations, the trojanized update gave the hackers a foothold in a large number of companies. "It appears the widespread SolarWinds Russia-linked hackers from last year's attack are again on the hunt for sensitive data and stepping up supply chain attacks across the board," Wedbush analyst Dan Ives said in a note to investors.

The latest attack has been underway since at least May, MSTIC said, with Nobelium deploying a “diverse and dynamic toolkit that includes sophisticated malware”.

Meanwhile, in a separate blog post, Microsoft vice president Tom Burt wrote: "Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain."

This time, Burt noted, Nobelium is targeting "resellers", the companies that customize and administer Microsoft's cloud computing services on behalf of businesses and other organizations.

“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” he wrote in the blog that was published late Sunday. “We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.”

Microsoft said it had notified known victims of the latest attack. While it did not name any of the organizations hit, it noted they included "victims of interest for intelligence gain". The company urged its customers to review their security arrangements, in particular the access they have delegated to service providers, and to use multi-factor authentication wherever possible.
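As an added illustration (not part of the original report, and not Microsoft's own tooling), the script below shows the kind of check that advice amounts to in practice for a customer of one of these service providers: go through your tenant's sign-in log, find sign-ins by accounts that live in a provider's tenant rather than your own, and flag the ones that hold a privileged directory role but did not complete multi-factor authentication. The records, tenant IDs and role assignments are constructed; the field names (`homeTenantId`, `resourceTenantId`, `authenticationRequirement`) follow the Azure AD sign-in log export as an assumption about the log format.

```python
"""Flag privileged sign-ins from a service provider's tenant that skipped MFA.

Added example, not code from the article or from Microsoft. The sign-in
records and tenant IDs below are constructed; the field names are an
assumption about the Azure AD sign-in log export format.
"""
from dataclasses import dataclass

# The customer's own tenant (hypothetical ID).
OUR_TENANT = "11111111-1111-1111-1111-111111111111"
# A service provider's tenant that has been granted access to ours (hypothetical).
MSP_TENANT = "22222222-2222-2222-2222-222222222222"
# Some unrelated tenant the provider also serves (hypothetical).
OTHER_CUSTOMER = "33333333-3333-3333-3333-333333333333"

# Directory roles we treat as privileged when held by an account from outside our tenant.
PRIVILEGED_ROLES = {
    "Global Administrator",
    "Privileged Role Administrator",
    "Helpdesk Administrator",
}

# Constructed role assignments in our tenant: account -> roles it holds.
ROLE_ASSIGNMENTS = {
    "alice@customer.example": {"Global Administrator"},
    "admin@msp.example": {"Global Administrator"},
    "helpdesk@msp.example": {"Helpdesk Administrator"},
    "viewer@msp.example": {"Global Reader"},
}

# Constructed sign-in records, shaped like rows of an Azure AD sign-in export.
SIGN_INS = [
    # Our own employee: covered by our normal MFA policy, not a partner concern.
    {"userPrincipalName": "alice@customer.example", "homeTenantId": OUR_TENANT,
     "resourceTenantId": OUR_TENANT, "authenticationRequirement": "singleFactorAuthentication",
     "ipAddress": "203.0.113.10"},
    # Provider admin reaching our tenant with a password only: this is the finding.
    {"userPrincipalName": "admin@msp.example", "homeTenantId": MSP_TENANT,
     "resourceTenantId": OUR_TENANT, "authenticationRequirement": "singleFactorAuthentication",
     "ipAddress": "198.51.100.7"},
    # Same provider admin, later, with MFA completed: acceptable.
    {"userPrincipalName": "admin@msp.example", "homeTenantId": MSP_TENANT,
     "resourceTenantId": OUR_TENANT, "authenticationRequirement": "multiFactorAuthentication",
     "ipAddress": "198.51.100.7"},
    # Provider helpdesk signing in to a different customer's tenant: not our log to act on.
    {"userPrincipalName": "helpdesk@msp.example", "homeTenantId": MSP_TENANT,
     "resourceTenantId": OTHER_CUSTOMER, "authenticationRequirement": "singleFactorAuthentication",
     "ipAddress": "198.51.100.9"},
    # Provider account with only a read-only role: outside the privileged set.
    {"userPrincipalName": "viewer@msp.example", "homeTenantId": MSP_TENANT,
     "resourceTenantId": OUR_TENANT, "authenticationRequirement": "singleFactorAuthentication",
     "ipAddress": "198.51.100.11"},
]


@dataclass(frozen=True)
class Finding:
    user: str
    home_tenant: str
    ip: str
    roles: tuple  # privileged roles the account holds in our tenant


def audit_partner_sign_ins(sign_ins, role_assignments, our_tenant):
    """Return one Finding per privileged cross-tenant sign-in that did not use MFA."""
    findings = []
    for rec in sign_ins:
        if rec["resourceTenantId"] != our_tenant:
            continue  # sign-in to some other tenant; not ours to act on
        if rec["homeTenantId"] == our_tenant:
            continue  # home-tenant user; handled by the normal MFA policy
        roles = role_assignments.get(rec["userPrincipalName"], set()) & PRIVILEGED_ROLES
        if not roles:
            continue  # foreign account, but no privileged role in our directory
        if rec["authenticationRequirement"] != "multiFactorAuthentication":
            findings.append(Finding(rec["userPrincipalName"], rec["homeTenantId"],
                                    rec["ipAddress"], tuple(sorted(roles))))
    return findings


def provider_tenants_with_privileged_access(sign_ins, role_assignments, our_tenant):
    """Inventory: which foreign tenants have actually exercised privileged roles in ours."""
    return {
        rec["homeTenantId"]
        for rec in sign_ins
        if rec["resourceTenantId"] == our_tenant
        and rec["homeTenantId"] != our_tenant
        and role_assignments.get(rec["userPrincipalName"], set()) & PRIVILEGED_ROLES
    }


if __name__ == "__main__":
    for f in audit_partner_sign_ins(SIGN_INS, ROLE_ASSIGNMENTS, OUR_TENANT):
        print(f"MFA-less privileged partner sign-in: {f.user} from tenant "
              f"{f.home_tenant} at {f.ip}, roles {f.roles}")
    print("Provider tenants holding privileged access:",
          provider_tenants_with_privileged_access(SIGN_INS, ROLE_ASSIGNMENTS, OUR_TENANT))
```

The inventory function is the part most customers skip: before deciding whether a provider's sign-in is suspicious, you need to know which provider tenants can reach privileged roles in yours at all, and a surprising number of organizations discover delegated relationships they had forgotten granting.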

It is not the first time Nobelium has mounted a comeback since SolarWinds, with Microsoft announcing in May that it had again detected a series of attacks by the group on government agencies, think tanks, consultants and other organizations.

Burt said the pace of the attacks was escalating, with Microsoft notifying more than 600 customers this year of nearly 23,000 attempted intrusions by Nobelium, with a success rate "in the low single digits". For comparison, he wrote, Microsoft had notified customers of "attacks from all nation-state actors 20,500 times over the past three years".