Microsoft: Russian-backed hackers targeting cloud services

Microsoft says the same Russia-backed hackers responsible for the 2020 SolarWinds breach continue to attack the global supply chain and have been targeting cloud service resellers and others

NEW YORK -- Microsoft says the same Russia-backed hackers responsible for the 2020 SolarWinds breach continue to attack the global technology supply chain and have been relentlessly targeting cloud service companies and others since summer.

The group, which Microsoft calls Nobelium, has employed a new strategy to piggyback on the direct access that cloud service resellers have to their customers' IT systems, hoping to “more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers." Resellers act as intermediaries between software and hardware makers and product users.

“Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful,” the company said in a blog post.

The Biden administration downplayed the impact of the Russian efforts. A U.S. government official who requested anonymity due to not being authorized to speak on the record, noted that “the activities described were unsophisticated password spray and phishing, run-of-the mill operations for the purpose of surveillance that we already know are attempted every day by Russia and other foreign governments.”