The Russian-linked hacking group that’s been blamed for an attack on the U.S. government and a significant number of private U.S. companies last year is targeting key players in the global technology supply chain, according to cybersecurity experts at Microsoft, writs .
Nobelium, as the hacking group is known, is infamous for the SolarWinds hack.
On Monday, Tom Burt, Microsoft corporate vice president of customer security and trust, said Nobelium has “been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.”
“This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” Burt wrote in a blog Monday.
Nobelium, which could not be reached for comment, is hoping to “piggyback” on any direct access that resellers may have to their customers’ IT systems, Burt said. He added that this would allow the group to “more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.”
The hackers have been using phishing emails and a technique known as password spray, which involves trying commonly used passwords such as Password1 or 1234 against multiple accounts before moving on to try a second password.
Microsoft has been observing Nobelium’s latest “campaign” since May 2021, Burt said, adding that it’s been notifying partners and customers that have been impacted. It said it has been working with U.S. and European government agencies.