You may remember hearing or seeing something on the SolarWinds hack last year. The hacking group behind the SolarWinds attack is named Nobelium or Cozy Bear. This time around, they are targeting dozens of companies across the global IT supply chain. Nobelium is attacking technology providers and resellers that are helping their customers with their cloud services.
The SolarWinds attack
To begin, SolarWinds Inc. is a company that develops software that enables businesses to manage their IT resources such as networks, systems, and IT infrastructure. Early in 2020, the hacking group hacked into SolarWind’s systems and added malicious code into their software system. SolarWinds system is called “Orion” and is used by over 33,000 customers.
Do you know when you have to update an app on your phone? That is because the software/app designers updated their software. SolarWinds is no different. SolarWinds updates the software in Orion from time to time, whether it is fixing a security flaw or adding new features. When they update their software, they push the update to their customers. Unknowingly, their updates pushed the hacker code to their customer.
The code that Nobelium added created a backdoor into SolarWind’s customers’ IT systems. Nobelium was then able to use the backdoor to install even more malware that let them spy on companies and organizations.
Through the SolarWinds Orion system, Nobelium was able to infect over 100 organizations and at least nine federal agencies.
The latest attacks
Microsoft is the one that confirmed Nobelium is back at their tricks. The goal of the new attacks is to hack into the IT service providers to gain access to their “downstream customers.” These downstream customers include think tanks and government offices.
Microsoft says that these new attacks echo the strategy behind the SolarWinds attack and suspect that Nobelium is behind them. Microsoft has been tracking the latest campaign since May and says Nobelium has seen some measure of success.
“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium. We continue to investigate, but to date, we believe as many as 14 of these resellers and service providers have been compromised. Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful (Microsoft).”
Microsoft seems to feel that the Russian government is at least partially orchestrating the hacks, saying “This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.”
Microsoft has already been working on solutions to the hacks, taking immediate steps to help combat the issues while working on more solutions over the coming months.
Was your organization, or do you know any organizations that were directly impacted by the SolarWinds attack?