According to Microsoft, the SolarWinds threat actor carried out thousands of cyber assaults directed at IT service providers.
Microsoft has issued a warning to 609 organizations, revealing that they were targeted 22,868 times between July 1 and October 19, 2021. The attacks are believed to be the work of Nobelium, a Russian nation-state threat actor that is targeting cloud service resellers and service providers.
The current campaign, which is considered typical spying, is part of a larger wave of Nobelium activities this summer. According to Microsoft, at least 14 breaches have been identified, although the severity of these breaches was not detailed.
The SolarWinds hack, which occurred in 2020, demonstrated that supply chain attacks are changing and widening their scope of potential victims. The attacks on Microsoft and other cloud providers could have implications for national security due to the U.S. government's reliance on the private sector for critical infrastructure protection.
In January, Microsoft confirmed that SolarWinds attackers accessed some of its source code, though no changes were made. The government has confirmed the activity, but it is considered routine espionage. A U.S. official described the campaign as "unsophisticated."
The hacking campaigns by Nobelium began in May 2021. The attackers are believed to be after data that resellers possess, which could grant them access to government emails, defense technologies, or vaccine research.
The government has limited ability to protect private industry networks, with the exception of effective information sharing. In 2015, Obama and China agreed to restrict "economic" cyber espionage. However, cyber espionage exists in an international law gray area, according to a 2017 paper by Brian Egan.
The current campaign Microsoft is facing could potentially change existing standards regarding corporate espionage, as suggested by The Times. In December, Microsoft President Brad Smith said the SolarWinds campaign was not "espionage as usual," as secondary targets were handpicked by the hackers.
Remote cyber operations do not constitute a per se violation of international law, according to the same paper.
In conclusion, the ongoing cyberattacks by Nobelium underscore the evolving nature of supply chain attacks and the need for enhanced cybersecurity measures. Organizations must remain vigilant and proactive in protecting their networks and data from potential threats.