Russian hackers behind fresh US cyberattack, says Microsoft

Published October 26, 2021
A Microsoft logo is seen on an office building in New York City, US on July 28, 2015. — Reuters/File
A Microsoft logo is seen on an office building in New York City, US on July 28, 2015. — Reuters/File

WASHINGTON: The state-backed Russian hacking group that carried out last year’s massive SolarWinds cyberattacks is behind a new and ongoing assault against US and European targets, Microsoft said on Monday.

The software giant’s Threat Intelligence Centre (MSTIC) said in a blog post that the Nobelium group was attempting to gain access to customers of cloud computing services and other IT service providers to infiltrate “the governments, think tanks, and other companies they serve”.

Describing the cyberattack as “nation-state activity”, MSTIC said it “shares the hallmarks” of the assault on SolarWinds, a Texas-based software company targeted as its 300,000-strong customer base gave the hackers access to a huge number of companies.

“It appears the widespread SolarWinds Russia-linked hackers from last year’s attack are again on the hunt for sensitive data and stepping up supply chain attacks across the board,” Wedbush analyst Dan Ives said in a note to investors.

Washington imposed sanctions in April and expelled Russian diplomats in retaliation for Moscow’s alleged involvement in the SolarWinds attack, as well as election interference and other hostile activity.

The latest attack has been underway since at least May, MSTIC said, with Nobelium deploying a “diverse and dynamic toolkit that includes sophisticated malware”.

“Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain,” Microsoft vice president Tom Burt wrote in a blog post published late Sunday.

This time, Burt noted, Nobelium is targeting “resellers” — companies that customise Microsoft’s cloud computing services for use by businesses and other organisations.

“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” he wrote.

Published in Dawn, October 26th, 2021

Opinion

Editorial

Anti-women state
Updated 25 Nov, 2024

Anti-women state

GLOBALLY, women are tormented by the worst tools of exploitation: rape, sexual abuse, GBV, IPV, and more are among...
IT sector concerns
25 Nov, 2024

IT sector concerns

PRIME Minister Shehbaz Sharif’s ambitious plan to increase Pakistan’s IT exports from $3.2bn to $25bn in the ...
Israel’s war crimes
25 Nov, 2024

Israel’s war crimes

WHILE some powerful states are shielding Israel from censure, the court of global opinion is quite clear: there is...
Short-changed?
Updated 24 Nov, 2024

Short-changed?

As nations continue to argue, the international community must recognise that climate finance is not merely about numbers.
Overblown ‘threat’
24 Nov, 2024

Overblown ‘threat’

ON the eve of the PTI’s ‘do or die’ protest in the federal capital, there seemed to be little evidence of the...
Exclusive politics
24 Nov, 2024

Exclusive politics

THERE has been a gradual erasure of the voices of most marginalised groups from Pakistan’s mainstream political...