The Russian hacker group Nobelium launched a massive cyberattack on the US last year through a software update from software developer SolarWinds.
Now, according to Microsoft executives, those same hackers are back, once again targeting the global IT supply chain. So far Microsoft has identified 140 technology service providers and resellers that have been affected, with 14 that Microsoft believes were compromised.
It's not exactly something that the global supply chain needs right now — thanks to pandemic-related slowdowns, businesses are already bracing for a rough holiday season.
How Nobelium's New Campaign Works
Tom Burt, Microsoft corporate vice president of customer security and trust, explained the news in a recent blog post. As Burt puts it, the hackers are attempting to replicate their previous attacks by aiming at targets essential to the supply chain. But, this go-around, those targets are slightly different:
“This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers. We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.”
The hackers' plan seems to be to silently compromise customers by accessing and impersonating companies' B2B partners.
The hackers' main techniques this time include phishing emails as well as a method of brute-forcing account logins called “password spray,” which involves inputting common passwords en masse.
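An added example, not from the original article or from Microsoft: one way a defender might flag the password-spray pattern described above in authentication logs, assuming the usual spray shape of one source failing against many accounts with only a few guesses per account. The log format, thresholds and function names are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real logs.
# Assumed format: ISO timestamp, source IP, account name, outcome (FAIL or OK).
SAMPLE_LOG = """\
2021-10-25T09:00:01 203.0.113.7 alice FAIL
2021-10-25T09:00:03 203.0.113.7 bob FAIL
2021-10-25T09:00:05 203.0.113.7 carol FAIL
2021-10-25T09:00:07 203.0.113.7 dave FAIL
2021-10-25T09:00:09 203.0.113.7 erin OK
2021-10-25T09:01:00 198.51.100.4 frank FAIL
2021-10-25T09:01:02 198.51.100.4 frank FAIL
2021-10-25T09:01:04 198.51.100.4 frank FAIL
2021-10-25T09:01:06 198.51.100.4 frank FAIL
2021-10-25T09:01:08 198.51.100.4 frank OK
"""

def parse(log):
    """Yield (time, source_ip, account, outcome) for each non-empty line."""
    for line in filter(str.strip, log.splitlines()):
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome

def detect_spray(log, window=timedelta(minutes=10), min_accounts=4, max_per_account=2):
    """Flag sources that fail against many accounts with few tries per account."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, ip, user, outcome in parse(log):
        (failures if outcome == "FAIL" else successes)[ip].append((ts, user))
    alerts = []
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            per_account = Counter(user for _, user in in_window)
            # Many accounts, few guesses each: a spray, not one user's typos.
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                first = in_window[0][0]
                # A success from the same source afterwards deserves urgent review.
                hits = sorted({u for t, u in successes[ip] if t >= first})
                alerts.append({"source": ip, "accounts_tried": len(per_account),
                               "possible_compromise": hits})
                break
    return alerts
```

On the sample, the first source is flagged because it fails once against four different accounts and then succeeds on a fifth, while the second source, which repeatedly fails against a single account, is not.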
Nobelium is Staying Busy
Microsoft first noticed the hacking campaign in May 2021, ultimately notifying 140 operations that were targeted. They believe 14 were compromised, despite the campaign being noticed in its early stages.
This whole deal isn't the only hacking that Microsoft has spotted Nobelium getting up to, either: Burt notes that the software company found 22,868 attacks on 609 customers between July 1st and October 19th of 2021 — a number way up from the 20,500 attacks from all nation-state actors across the past three years.
It's “another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” according to Burt.
Why Supply Chains Are in Bad Shape
Pandemic-related supply chain bottlenecks will be a major concern for retailers this holiday season and well into next year.
Six of every 10 retail executives have signaled their worries about getting their holiday orders in a timely manner, a new Deloitte report has found, while 75% of consumers worry about stores running out of stock as well.
And while the retail supply chain is distinct from the IT supply chain that Nobelium appears to be attempting to gain surveillance over, the two bump up against each other frequently. The famously cheap Raspberry Pi single-board computer just raised its prices for the first time ever, citing the chip supply crisis. Any consumers and companies distracted by these product-related supply chain struggles are easy targets for hackers.
The only short-term solution for retailers is to order their holiday stock as early as possible. But for key tech businesses that may face a password spray attack from Nobelium, there's one obvious answer: warn all your employees not to use “Password123,” and give them a high-quality password management tool that helps them avoid it. Here's a quick look at our top picks.
[Comparison table of password managers; surviving row labels: Local Storage Option, Password Generator Function, Live Chat Support, Cheapest available business plan.]