Wave of Cyberattacks Hitting American Companies, Microsoft Warns

Hundreds of companies and organizations have been hit by an attack on Microsoft's computer systems. The computer giant announced in a blog post on Monday that the latest online assault targeted "resellers and other technology service providers" of its cloud service.

Microsoft has publicly identified the perpetrator as Nobelium, the hacking group behind the SolarWinds cyberattack, because "the latest activity shares the hallmarks of the actor's compromise-one-to-compromise-many approach."

The blog post states: "The Microsoft Threat Intelligence Center (MSTIC) has detected nation-state activity associated with the threat actor tracked as Nobelium, attempting to gain access to downstream customers of multiple cloud service providers (CSP), managed service providers (MSP), and other IT services organizations ... that have been granted administrative or privileged access by other organizations.

"The targeted activity has been observed against organizations based in the United States and across Europe since May 2021. MSTIC assesses that Nobelium has launched a campaign against these organizations to exploit existing technical trust relationships between the provider organizations and the governments, think tanks, and other companies they serve."

Newsweek has contacted Microsoft for an update.

Last year, U.S. IT firm SolarWinds was the victim of a large-scale cyberattack that went undetected for months.

The hack, believed to be Russian in origin, resulted in criminals being able to spy on cutting-edge tech companies including cybersecurity firm FireEye, and even areas of the U.S. government.

Microsoft has reportedly notified 609 different companies thought to have been selected for the cyberattacks, although only a relatively small number had actually been successful.

Tom Burt, Microsoft's Corporate Vice President, Customer Security & Trust, yesterday doubled down on the widespread belief that Nobelium is a "Russian actor."

He wrote: "Today, we're sharing the latest activity we've observed from the Russian nation-state actor Nobelium.

"This is the same actor behind the cyberattacks targeting SolarWinds customers in 2020 and which the U.S. government and others have identified as being part of Russia's foreign intelligence service known as the SVR."

He added that he believes Nobelium has refined its attack approach since last year's SolarWinds cyberattack.

He wrote: "Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers.

"We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers' IT systems and more easily impersonate an organization's trusted technology partner to gain access to their downstream customers."

Anthony Chadd of Neustar Security Solutions suggested this latest cyberattack emphasized the criminals' increasing effectiveness.

He told Newsweek: "Established cyber criminals calling on their peers for support highlights how collaborative, organized and even open-sourced they are in their approach. Not only are cybercriminals selecting their targets together, they are openly discussing potential safe refuge. This all points to a more combined and thought-out approach by ransomware gangs.

"Cybercrime has become a lucrative and mature market. Business is booming, with what were once individual criminal 'groups' and malicious actors now fully fledged criminal enterprises, providing as-a-service offerings and malware licenses to established customer bases and target markets. By targeting U.S. interests, these enterprises are pursuing ever more ambitious targets, with higher-risks and higher-rewards."

[Image: Microsoft has accused the Russian group thought responsible for last year's SolarWinds hack for today's attack on hundreds of U.S. networks. Photo: Motortion/Getty Images]

Thom Langford, security advocate at cybersecurity startup SentinelOne, said he was unsurprised by the latest cyberattack, "given the dramatic rise in criminal activity in this area over the last few years."

He told Newsweek: "The impunity that cyber criminals appear to operate with—as a result of various governments' tolerance of these illicit activities—underscores the political and economic complexities at play. The growth of these attacks will continue until these issues are dealt with.

"Focussing on the attacks themselves, supply chain attacks exploit a very human weakness in our globalized business world. Organizations in the supply chain are very much in our blind spot, and are explicitly trusted given the shared objectives of the relationship.

"But modern business has extremely large and complex supply chains, which means that the undermining of one supplier will have an exponentially greater impact across their clients. Multiply that with numerous suppliers, and the impact will be huge."

He added it is very likely these attacks will result in huge ransoms being demanded and an equally large financial loss to any organizations impacted.

Langford said: "The question is if the attacks Microsoft have seen are the full picture or just the tip of the iceberg—and where we will see further damage done to suppliers that are less able to protect themselves."