WASHINGTON (AFP) — The state-backed Russian hacking group that carried out last year’s massive SolarWinds cyberattacks is behind a new and ongoing assault against United States and European targets, Microsoft said Monday.
The software giant’s Threat Intelligence Center (MSTIC) said in a blog post that the Nobelium group was attempting to gain access to customers of cloud computing services and other IT service providers to infiltrate “the governments, think tanks, and other companies they serve.”
Describing the cyberattack as “nation-state activity,” MSTIC said it “shares the hallmarks” of the assault on SolarWinds, a Texas-based software company that was targeted because its 300,000-strong customer base gave the hackers access to a huge number of companies.
“It appears the widespread SolarWinds Russia-linked hackers from last year’s attack are again on the hunt for sensitive data and stepping up supply chain attacks across the board,” Wedbush analyst Dan Ives said in a note to investors.
The latest attack has been underway since at least May, MSTIC said, with Nobelium deploying a “diverse and dynamic toolkit that includes sophisticated malware.”
Microsoft vice president Tom Burt wrote in a blog post published late Sunday that this time Nobelium is targeting “resellers” — companies that customize Microsoft’s cloud computing services for use by businesses and other organizations.
Microsoft said it had notified known victims of the latest attack. While it did not specify any of the organizations hit, it noted they included “victims of interest for intelligence gain.”
The software company urged its customers to check on their security arrangements, using multi-factor authentication where possible.
Washington imposed sanctions in April and expelled Russian diplomats in retaliation for Moscow’s alleged involvement in the SolarWinds attack, as well as election interference and other hostile activity.