Russia’s Nobelium Supply Chain Attacks Force U.S. Government’s Hand

By Teri Robinson for Security Boulevard
Tuesday, October 26, 2021

Threats from the U.S. government apparently weren’t enough to keep Nobelium, the group behind the SolarWinds campaign, away from the vulnerable global IT supply chain—Microsoft said the threat actors, affiliated with Russian intelligence unit SVR, have attacked at least 140 managed service providers (MSPs) and cloud service providers, with 14 known breaches since May 2021.

“Suppliers are the Achilles’ Heel of the largest financial institutions, governmental institutions and providers of critical national infrastructure,” said Ilia Kolochenko, founder of ImmuniWeb and a member of the Europol Data Protection Experts Network. “Compared to frontal attacks against the victims, silent attacks against third parties are generally faster, cheaper and less noisy.”

In addition, suppliers might have “access to more data than the victims themselves; for example, by storing more data in backups than contractually allowed or expected,” he said. “Worse, some suppliers fail to detect sophisticated intrusions and the victims are never even notified about the incident.”

The attacks revealed by Microsoft are likely just the tip of the iceberg. “Organizations impacted by this activity are reportedly cloud and managed service providers; it is realistically possible that the scope of this incident could increase,” said Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows. “Nobelium is known for their resourcefulness in moving laterally across supply chains, so additional impacted organizations may surface in the coming months.”

It’s “unsurprising that the Russian SVR continues to remain active as the mission of gathering intelligence never goes out of style,” as Oliver Tavakoli, CTO at Vectra, said. That means it’s more important than ever that organizations follow Microsoft’s advice that administrators “adopt strict account security practices and take additional measures to secure their environments.”

It also means that government may have to make good on its promise to respond in a meaningful way. Biden has said he has opened up a direct line of communications with Putin. For the time being, then, all eyes are on the White House.
