Russia’s Nobelium Supply Chain Attacks Force U.S. Government’s Hand
Tuesday, October 26, 2021
Threats from the U.S. government apparently weren’t enough to keep Nobelium, the group behind the SolarWinds campaign, away from the vulnerable global IT supply chain—Microsoft said the threat actors, affiliated with Russian intelligence unit SVR, have attacked at least 140 managed service providers (MSPs) and cloud service providers, with 14 known breaches since May 2021.
“Suppliers are the Achilles’ Heel of the largest financial institutions, governmental institutions and providers of critical national infrastructure,” said Ilia Kolochenko, founder of ImmuniWeb and a member of the Europol Data Protection Experts Network. “Compared to frontal attacks against the victims, silent attacks against third parties are generally faster, cheaper and less noisy.”
In addition, suppliers might have “access to more data than the victims themselves; for example, by storing more data in backups than contractually allowed or expected,” he said. “Worse, some suppliers fail to detect sophisticated intrusions and the victims are never even notified about the incident.”
The attacks revealed by Microsoft are likely just the tip of the iceberg. “Organizations impacted by this activity are reportedly cloud and managed service providers; it is realistically possible that the scope of this incident could increase,” said Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows. “Nobelium is known for their resourcefulness in moving laterally across supply chains, so additional impacted organizations may surface in the coming months.”
It’s “unsurprising that the Russian SVR continues to remain active as the mission of gathering intelligence never goes out of style,” as Oliver Tavakoli, CTO at Vectra, said. That means it’s more important than ever that organizations follow Microsoft’s advice that administrators “adopt strict account security practices and take additional measures to secure their environments.”
It also means that government may have to make good on its promise to respond in a meaningful way. Biden has said he has opened up a direct line of communications with Putin. For the time being, then, all eyes are on the White House.