Community Edition
Total Tests:
This Week:
Today:
Recent Blog Posts
An Ex-Amazon Security Engineer Gets 3 Years In Jail For Hacking And Crypto Theft
April 18, 2024
Hacker Fakes His Own Death To Avoid Child Support Payments
April 11, 2024
ATM Skimming Ring Leader Sentenced To 75 Months In Prison
April 4, 2024
German Authorities Dismantle the Nemezis Market Dark Web Marketplace
March 28, 2024
A Cybercrime Ring Responsible For Hijacking Over 100M Email, Instagram Accounts Dismantled
March 21, 2024
Stay in Touch

Get exclusive updates and invitations to our events and webinars:


Your data will stay confidential Private and Confidential

ImmuniWebInternational Media Coverage

Russia’s Nobelium Supply Chain Attacks Force U.S. Government’s Hand

By Teri Robinson for Security Boulevard
Tuesday, October 26, 2021

Threats from the U.S. government apparently weren’t enough to keep Nobelium, the group behind the SolarWinds campaign, away from the vulnerable global IT supply chain—Microsoft said the threat actors, affiliated with Russian intelligence unit SVR, have attacked at least 140 managed service providers (MSPs) and cloud service providers, with 14 known breaches since May 2021.

“Suppliers are the Achilles’ Heel of the largest financial institutions, governmental institutions and providers of critical national infrastructure,” said Ilia Kolochenko, founder of ImmuniWeb and a member of the Europol Data Protection Experts Network. “Compared to frontal attacks against the victims, silent attacks against third parties are generally faster, cheaper and less noisy.”

In addition, suppliers might have “access to more data than the victims themselves; for example, by storing more data in backups than contractually allowed or expected,” he said. “Worse, some suppliers fail to detect sophisticated intrusions and the victims are never even notified about the incident.”

The attacks revealed by Microsoft are likely just the tip of the iceberg. “Organizations impacted by this activity are reportedly cloud and managed service providers; it is realistically possible that the scope of this incident could increase,” said Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows. “Nobelium is known for their resourcefulness in moving laterally across supply chains, so additional impacted organizations may surface in the coming months.”

It’s “unsurprising that the Russian SVR continues to remain active as the mission of gathering intelligence never goes out of style,” as Oliver Tavakoli, CTO at Vectra, said. That means it’s more important than ever that organizations follow Microsoft’s advice that administrators “adopt strict account security practices and take additional measures to secure their environments.”

It also means that government may have to make good on its promise to respond in a meaningful way. Biden has said he has opened up a direct line of communications with Putin. For the time being, then, all eyes are on the White House. Read Full Article


Previous Media Publications:

ITWeb: SolarWinds attackers targeting the channel, says Microsoft

Dark Reading: SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
Your data will stay private and confidential