[TheRecord] Microsoft says Russia hacked at least 14 IT service providers this year

Microsoft said on Monday that a Russian state-sponsored hacking group known as Nobelium had attacked more than 140 IT and cloud services providers, successfully breaching 14 companies.

The Microsoft Threat Intelligence Center (MSTIC) said the attacks were part of a planned campaign that began in May this year.

The attacks included spear-phishing campaigns and password-spraying operations that targeted employees of companies that manage IT and cloud infrastructure on behalf of their clients.

“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers,” said Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft.

“We have learned enough about these new attacks, which began as early as May this year, that we can now provide actionable information which can be used to defend against this new approach,” Burt said.

Indicators of compromise from these attacks are available in an MSTIC report published earlier today.

Nobelium, which the White House tied to Russian intelligence service SVR, is the same threat actor that orchestrated the attack against US software provider SolarWinds in 2020. The group hacked SolarWinds, inserted malware inside one of its software products, and then used the malware to enter the networks of high-value targets, such as government agencies and large corporations.

The attacks disclosed today, carried out on a large scale, confirm that the Russian group deemed the SolarWinds intrusion a success and is now trying to replicate it by attacking other companies that are part of the software supply chain of organizations across the world.

Microsoft did not reveal the names of any of the 14 IT and cloud service providers successfully compromised in this campaign.

The post Microsoft says Russia hacked at least 14 IT service providers this year appeared first on The Record by Recorded Future.
