Trending

Stories

SolarWinds hackers Now Strike Global IT Supply Chains: Microsoft

Must Read

Microsoft has warned that the Russia-based cybercriminals, behind the massive SolarWinds software attack last year, are on the prowl again, this time targeting organizations integral to the global IT supply chain.

The Russian nation-state actor ‘Nobelium’ has targeted at least 140 resellers and technology service providers in global IT supply chains, it said.

Also Read

“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium. We continue to investigate, but to date, we believe as many as 14 of these resellers and service providers have been compromised,” said Tom Burt, CVP, Customer Security, and Trust, at Microsoft.

‘Nobelium’ was behind the cyberattacks targeting SolarWinds customers in 2020, and which the US government and others have identified as being part of Russia’s foreign intelligence service known as the SVR.

“This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” Burt said in a statement late on Sunday.

‘Nobelium’ ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.

The attacks have been a part of a larger wave of Nobelium activities this summer, according to the tech giant.

“In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits,” said Burt.

By comparison, prior to July 1, 2021, Microsoft had notified customers about attacks from all nation-state actors 20,500 times over the past three years.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” Microsoft noted.

Nation-state actors, cybercriminals, and other malicious actors continue to target weaknesses in software supply chains and many vendors don’t have the tools or expertise to stop them.

Microsoft has said it would invest $20 billion in the next five years on cyber security.

Stay updated

Subscribe to our newsletter and never miss an update on the latest tech, gaming, startup, how to guide, deals and more.

Latest

Stories

- Advertisement -
- Advertisement -

Latest

Grow Your Business

Place your brand in front of tech-savvy audience. Partner with us to build brand awareness, increase website traffic, generate qualified leads, and grow your business.

- Advertisement -

Related

- Advertisement -
- Advertisement -
Nothing Phone (2) Confirmed for India Production Fitbit Integration with Google Accounts Begins Xiaomi 13 Ultra Global Launch: Offers, Price, Specs Meta Unveils Quest 3 VR Headset, Reduces Price for Quest 2 Foxconn to Manufacture iPhones in Karnataka, India: Creating 50,000 Jobs Amazon Echo Pop: Stylish Semi-Sphere Smart Speaker in India Redmi Display A27: Affordable 27 Inches Monitor with 100Hz Refresh Apple Music Classical App Now Available on Android WhatsApp’s Companion Mode: Same Account, Multiple Devices Nvidia & MediaTek Collaborate on Connected Car Tech
Nothing Phone (2) Confirmed for India Production Fitbit Integration with Google Accounts Begins Xiaomi 13 Ultra Global Launch: Offers, Price, Specs Meta Unveils Quest 3 VR Headset, Reduces Price for Quest 2 Foxconn to Manufacture iPhones in Karnataka, India: Creating 50,000 Jobs Amazon Echo Pop: Stylish Semi-Sphere Smart Speaker in India Redmi Display A27: Affordable 27 Inches Monitor with 100Hz Refresh Apple Music Classical App Now Available on Android