Microsoft claims the Russian hackers behind the successful 2020 breach of US federal agencies have penetrated as many as 14 technology businesses since May as part of a new spying effort.
Unlike in the 2020 breach, the hackers have this time targeted firms that acquire and sell software, as well as companies that handle cloud computing services. Microsoft did not name the firms that the alleged Russian spies targeted, nor did it disclose their final targets.
The Microsoft revelation comes after CNN reported earlier this month that the Russian hacking group had been attempting to enter US and European government networks through hacked technology companies in previously unknown activity.
Microsoft warns Russian group has continued intrusions
The hackers attempted to sneak into more than 140 software resellers and other computer organizations using typical approaches such as phishing. The ultimate objective is to "impersonate an organization's trusted technology partner to get access to downstream consumers," according to Tom Burt, Microsoft's corporate vice president, customer security and trust.
Per WLFI, it's the most recent information on a Russian group that has defied US government and industry defenses in the past two years.
The hackers are best known for breaching at least nine US agencies using modified software developed by federal contractor SolarWinds, an intrusion that was discovered in December 2020. For months, the attackers remained unnoticed in the unclassified email networks of the Departments of Justice, Homeland Security, and others.
In April, the Biden administration blamed Russia's foreign intelligence service, the SVR, for the spying operation and chastised Moscow for exposing thousands of SolarWinds clients to malicious code. Moscow has denied any participation in the incident.
Microsoft has warned over 140 resellers and service providers that they were targets of Nobelium and that the group may have hacked "as many as 14" of them.
Furthermore, the company informed 609 clients that Nobelium had attacked them 22,868 times between July 1 and October 19. In comparison to past years, the number of attacks has increased significantly.
US sanctions have done nothing to curb Russian-linked cyberattacks
"Ultimately, the hacking group aims to piggyback on any direct access that resellers may have to their customers' IT systems and more easily mimic an organization's trusted technology partner to obtain access to its downstream customers," Burt said, per The Washington Examiner.
The hacker organization has not attempted to exploit software flaws in its latest attack targeting resellers and service providers. Instead, they've used "well-known techniques," including phishing attempts.
SolarWinds admitted in December that it had been breached by hackers who used the company's Orion software updates to spread malware to its users' systems. Federal government agencies such as the Justice Department, State Department, and Treasury Department were among the 18,000 clients affected, according to the company.
The Biden administration has implemented sanctions, and Russia has been subjected to unprecedented international pressure to act against both government-linked hackers and cyber criminals operating within its borders.
However, given Microsoft's disclosure Monday that the same Russian hacker gang behind last year's SolarWinds attack is still targeting organizations, the efforts appear to have done nothing to curb the activity.
These hacking attempts occurred despite President Joe Biden's sanctions and his demands, made at an in-person meeting with Russian President Vladimir Putin, for action against hackers within Russia's borders. Several federal agencies have prioritized improving cybersecurity, and the White House recently convened a meeting of more than 30 countries to tackle ransomware attacks, The Hill reported via MSN.