US & World

Microsoft: Russian-backed hackers targeting cloud services | News

Richmond, Virginia (AP) — Microsoft continues to target cloud service companies and others since the summer as the same Russian-backed hackers responsible for the 2020 SolarWinds breach continue to attack the global tech supply chain. He said he was doing it.

The group, which Microsoft calls Noberium, has adopted a new strategy that allows cloud service resellers to take advantage of direct access to their customers’ IT systems, “impersonating an organization’s trusted technology partner to access downstream customers. We want to make it easier. “Resellers act as an intermediary between a giant cloud company and its ultimate customers, managing and customizing their accounts.

“Fortunately, this campaign was discovered early on. To share these developments with cloud service resellers, technology providers, and their customers to prevent Nobelium from becoming more successful. We can take timely steps, “said Tom Bart, Vice President of Microsoft. President, Said in a blog post..

The Biden administration downplayed Microsoft’s announcement. A U.S. government official who claimed anonymity and discussed the government’s response said: By Russia and other foreign governments. “

The Russian embassy did not immediately respond to the request for comment.

US-Russian relations are already tense this year over a series of high-profile ransomware attacks on US targets launched by Russia-based cyber gangs. US President Joe Biden has warned Russian President Vladimir Putin to crack down on ransomware criminals, but recently some of the top cybersecurity executives have said no evidence of this.

Supply chain attacks allow hackers to steal information from multiple targets by breaking into a single product that everyone uses. The U.S. government has previously blamed Russia’s SVR foreign intelligence service for SolarWinds hack, a supply chain hack that was undetected for most of 2020, endangering some federal agencies and terribly embarrassing Washington. I did.

This hacking campaign is called SolarWinds after the US software company whose products were used in the effort. In April, the Biden administration imposed new sanctions on six Russian companies supporting the country’s cyber activities in response to SolarWinds hacks.

Microsoft has been monitoring Nobelium’s latest campaigns since May, notifying more than 140 companies in the group, 14 of which are believed to have been compromised. The attacks have been more and more relentless since July, with Microsoft saying it has informed 609 customers that there were 22,868 attacks by Nobelium, with success rates in the low single digits. This is more attacks than Microsoft has reported from all nation-state officials in the last three years.

“Russia seeks to establish a mechanism for long-term and systematic access to various points in the technology supply chain to monitor targets of interest to the Russian government now or in the future,” said Bert. Says.

Microsoft didn’t name hacker targets in its latest campaign. But cybersecurity firm Mandiant said he saw victims in both Europe and North America.

Charles Carmakal, Mandiant’s Chief Technology Officer, said the way hackers track resellers makes it difficult to detect.

“It shifts the first intrusion from the ultimate target, which is an organization with more mature cyber defenses, to smaller technology partners with less mature cyber defenses,” he said.


Matt Otto, an AP business writer in Silver Spring, Maryland, contributed to this report.

Copyright 2021 AP communication. all rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.

Microsoft: Russian-backed hackers targeting cloud services | News

Source link Microsoft: Russian-backed hackers targeting cloud services | News

Related Articles

Back to top button