Microsoft Says Russia-Backed Group Behind SolarWinds Hack Targets Technology Supply Chain


(RFE/RL) — Microsoft says the Russia-backed hacking group behind last year’s massive SolarWinds cyberattacks on U.S. government agencies and other institutions continues to target the global technology supply chain.

In a blog post dated October 24, the tech giant said that Russian nation-state actor Nobelium has been attacking cloud service resellers and other technology service providers in hopes to “piggyback” on their access to their downstream customers. Resellers are intermediaries between software and hardware makers and product users.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” Microsoft said.

Since the attacks were first noticed in May, 140 resellers and technology service providers were targeted, with as many as 14 believed to have been compromised, Microsoft said. These attacks continued with a larger wave over the summer, impacting 609 customers with a success rate in the low single digits.

“Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful,” Microsoft said.

The New York Times quoted a senior administration official as saying the latest attacks were “unsophisticated, run-of-the mill operations that could have been prevented if the cloud service providers had implemented baseline cybersecurity practices.”

Earlier this month Microsoft said in a report that Nobelium was responsible a majority of all nation-state cyberattacks over the past year. Most of the attacks targeted governments, nongovernmental organizations, and think tanks in the United States, Ukraine, and Britain.

The White House previously blamed the SolarWinds attack on Russia’s SVR foreign intelligence agency, which managed to use Nobelium to go undetected for most of 2020 as the hackers compromised several federal agencies. The Russian government has denied any involvement.


RFE/RL journalists report the news in 21 countries where a free press is banned by the government or not fully established.

Leave a Reply

Your email address will not be published. Required fields are marked *