Microsoft: Hacker group behind SolarWinds is still active
The Russian group behind, among other things, the SolarWinds hack has continued to carry out cyber attacks in recent months, Microsoft reports based on its own research. Nobelium infects IT companies in the supply chain with malware or ransomware.
Microsoft reports that it has observed coordinated cyber attacks on dozens of companies since May. At least 140 “technology service providers and resellers” have been targeted, 14 of which have been “compromised,” the company concludes. Microsoft attributes the attacks to Nobelium, the hacker group that is said to have launched such attacks in the past, the largest being the SolarWinds hack late last year.
Microsoft has said that 609 customers of those companies were attacked 22,868 times by Nobelium between July 1 and October 17. The group's success rate is said to be “somewhere low in the single digits.” The number of Nobelium attacks in this period is greater than Microsoft saw in the past three years. According to Microsoft, the attacks are an indicator that Russia “is trying to systematically gain access to many points in the technology supply chain in the long term.” For example, the group is trying to create a mechanism to spy on targets that are of interest to the Russian government, says the tech company.
According to Microsoft, the hackers are not exploiting a weak spot in the software, but are using simpler methods such as password spraying and phishing, which allow them to steal login details. According to Microsoft, the attacks can only be prevented through close cooperation between governments in the US and Europe to create stricter cybersecurity standards, making companies less easy to hack.
The hacker group Nobelium is said to have hacked the software company SolarWinds in 2020. It allegedly hit customers with spy malware through the supply chain. According to the US government, the hack affected at least 100 companies and nine governments. Earlier this year, software company Kaseya also fell victim to similar attacks. However, that hack was claimed by REvil, and not by Nobelium. At the end of May, Microsoft also reported that it had observed several cyber attacks from Nobelium in a short period of time. Those attacks involved more than 150 companies.