
The Russian hacker group behind the SolarWinds attack is at it again, Microsoft says

Image caption: The SolarWinds Corp. logo is seen at the headquarters in Austin, Texas in April. (AFP via Getty Images)

Last year a hacker group used a bit of malicious code it hid in a software update by the company SolarWinds to launch an immense cyberattack against U.S. government agencies and corporations.

The group behind the attack, Nobelium, is reportedly being directed by the Russian intelligence service. And they're at it again.

Updated October 25, 2021 at 2:15 PM ET


According to Microsoft, one of the victims of the SolarWinds hack, the group is targeting technology companies that resell and provide cloud services for customers.

"Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain," Tom Burt, Microsoft's Corporate Vice President of Customer Security & Trust, said in a blog post on the company's website.

"We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers' IT systems and more easily impersonate an organization's trusted technology partner to gain access to their downstream customers," he added.

The hacker group hasn't tried to ferret out vulnerabilities in software, Burt said, but rather has been using techniques like phishing and password spray to gain entry to the targeted networks.

A senior Biden administration official declined to comment on who it believed was responsible for the latest attacks. But in responding to the latest news from Microsoft, they pointed out that the hacking attempts were both unsophisticated and largely unsuccessful, unlike the SolarWinds campaign, which involved a complex intrusion via a software update and affected victims indiscriminately.

This latest spying campaign by the Russian SVR appears to be classic espionage: of the 141 companies Microsoft notified, only about 14 concluded there might have been a successful compromise, and the impact was limited.

The targets — cloud service providers — have been particularly popular recently as bad actors focus on the all-important supply chain to try to gain access to the more attractive targets: their clients, including government agencies.

"Broadly speaking, the federal government is aggressively using our authorities to protect the Nation from cyber threats, including helping the private sector defend itself through increased intelligence sharing, innovative partnerships to deploy cybersecurity technologies, bilateral and multilateral diplomacy, and measures we do not speak about publicly for national security reasons," said the senior administration official.

Jenna McLaughlin contributed to this report. [Copyright 2021 NPR]
