Russian group that hacked SolarWinds is still attacking America’s computer networks




Hackers have been hitting a different part of the supply chain than in 2020: companies that buy and distribute software and manage cloud computing services. Microsoft did not name the victim companies or identify the ultimate targets of the alleged Russian spies.

The Microsoft statement follows a CNN report earlier this month that the Russian hacking group had been taking advantage of compromised technology vendors to try to infiltrate U.S. and European government networks in previously unreported activity.

“This recent activity is another indicator that Russia is trying to gain systematic long-term access to various points in the technology supply chain and establish a mechanism to monitor – now or in the future – targets of interest to the Russian government,” said Tom Burt, Microsoft’s corporate vice president, customer safety and trust.

According to Microsoft, hackers have tried to break into more than 140 software vendors and other technology companies using common techniques such as phishing. The ultimate goal is to “impersonate an organization’s trusted technology partner to access its customers downstream,” Burt said.

It is the latest sighting of a Russian group that over the last two years has confounded the defenses of the US government and companies.

The hackers are best known for using tampered software made by federal contractor SolarWinds to breach at least nine U.S. agencies in activity that came to light in December 2020. The attackers were spotted for months on the unclassified email networks of the departments of Justice, Homeland Security and others.

The Biden administration in April attributed the espionage campaign to Russia’s foreign intelligence service, the SVR, and criticized Moscow for exposing thousands of SolarWinds customers to malicious code. Moscow has denied involvement.

The suspected Russian operatives have often cast a wide net of potential victims before sifting through them for valuable targets. This is what happened in May when hackers impersonated a U.S. government agency and sent malicious emails to 150 organizations in 24 countries, according to Microsoft. Among the apparent targets of this espionage campaign were a former US ambassador to Russia and anti-corruption activists in Ukraine. Microsoft said that Nobelium targeted 3,000 email accounts in various organizations, most of which were in the United States.

Rob Joyce, head of the National Security Agency’s Cybersecurity Directorate, shared Microsoft’s announcement Monday morning on Twitter and urged organizations to follow Microsoft’s security recommendations.

Secretary of Defense Lloyd Austin previously told CNN the U.S. has “offensive options” for responding to cyberattacks, but did not specify.

Cybersecurity has been a major focus for the U.S. government following revelations that hackers had put malicious code into a tool published by SolarWinds. A ransomware attack that shut down one of the most important pieces of energy infrastructure in the United States, the Colonial oil pipeline, earlier this month has only increased the sense of alarm. According to the FBI, the attack was carried out by a criminal group originally from Russia.

– Jordan Valinsky of CNN Business contributed to this report