{"id":42534,"date":"2021-10-26T09:17:55","date_gmt":"2021-10-26T09:17:55","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=362503b260dfd1d82bd7f31a868c4b78"},"modified":"2021-10-26T09:17:55","modified_gmt":"2021-10-26T09:17:55","slug":"microsoft-resellers-warned-of-nobelium-attacks-on-it-supply-chain","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/microsoft-resellers-warned-of-nobelium-attacks-on-it-supply-chain\/","title":{"rendered":"Microsoft resellers warned of Nobelium attacks on IT supply chain"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\"><a href=\"https:\/\/www.cloudpro.co.uk\/authors\/zach-marzouk\">Zach Marzouk<\/a><\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">26 Oct, 2021<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<div class=\"field field-name-body\">\n<p><a href=\"https:\/\/www.itpro.co.uk\/search\/microsoft\/\"  class=\"polaris__link\" rel=\"noopener\">Microsoft<\/a>\u00a0has warned its resellers and managed service providers that the hacking group behind\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/358111\/solarwinds-confirms-cyber-attack\"  class=\"polaris__link\" rel=\"noopener\">the SolarWinds cyber attack<\/a>\u00a0has now turned its attention to the company&#8217;s global supply chain.<\/p>\n<p>The tech giant said that it believes the Russian state-backed hacking group, known as\u00a0<a href=\"https:\/\/www.itpro.co.uk\/search\/nobelium\/\"  class=\"polaris__link\" rel=\"noopener\">Nobelium<\/a>, ultimately hopes to piggyback on any direct access that resellers may have to their customers\u2019 IT systems and 
more easily impersonate an organisation\u2019s trusted technology partner to gain access to their downstream customers.<\/p>\n<p>\nMicrosoft said that the attacks used well-known techniques, like password spray and\u00a0<a href=\"https:\/\/www.itpro.co.uk\/search\/phishing\/\"  class=\"polaris__link\" rel=\"noopener\">phishing<\/a>, to steal legitimate credentials and gain privileged access. It began observing Nobelium\u2019s latest campaign in May 2021 and has been notifying affected partners and customers.<\/p>\n<p>So far, the company has notified over 140 resellers and technology service providers currently being targeted by the group. It also believes as many as 14\u00a0resellers and service providers have already been compromised.<\/p>\n<p>These attacks have been part of a larger wave of Nobelium activities this summer, the company said. Between 1 July and 19 October, Microsoft believes that 22,868 attacks were conducted\u00a0by the group against 609 customers, with a success rate in the low single digits. As a\u00a0comparison, before 1 July, approximately 20,500 attacks\u00a0from nation-state hackers were recorded over the course of three years.<\/p>\n<div class=\"polaris__simple-grid--main\">\n<p>\u201cThis recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology\u00a0<a href=\"https:\/\/www.itpro.co.uk\/search\/supply%20chain\/\"  class=\"polaris__link\" rel=\"noopener\">supply chain<\/a>\u00a0and establish a mechanism for surveilling \u2013 now or in the future \u2013 targets of interest to the Russian government,\u201d said Tom Burt, corporate vice president of Customer Security &amp; Trust.<\/p>\n<p>From what it has learned\u00a0over the past several months, Microsoft is working to implement improvements to better secure and protect its technology partners. 
This includes launching a programme on 15 October to provide two years of an\u00a0<a href=\"https:\/\/www.itpro.co.uk\/search\/azure\/\"  class=\"polaris__link\" rel=\"noopener\">Azure<\/a>\u00a0Active Directory Premium plan for free to strengthen security controls, and it\u2019s piloting new granular features for organisations that want to provide privileged access to resellers.<\/p>\n<p>It&#8217;s also piloting improved monitoring to help partners and customers manage and audit their delegated privileged accounts and remove unnecessary authority, as well as auditing unused privileged accounts and working with partners to assess and remove unnecessary privilege and access.<\/p>\n<p>The company also revealed it has been coordinating with the security community to improve its knowledge of Nobelium\u2019s activity, including government agencies in the US and Europe. It believes it is in a much better position to defend against these threats thanks to\u00a0<a href=\"https:\/\/www.itpro.com\/security\/cyber-security\/359527\/pres-biden-bolsters-of-nations-cyber-security-defenses-by-executive\"  class=\"polaris__link -is-external\" rel=\"noopener\">the US cyber security executive order<\/a>\u00a0and information sharing between industry and government.<\/p>\n<p>In September, it emerged that\u00a0<a href=\"https:\/\/www.itpro.co.uk\/infrastructure\/server-storage\/361055\/solarwinds-hackers-target-microsoft-ad-servers\"  class=\"polaris__link\" rel=\"noopener\">Nobelium was stealing data from Active Directory Federation Services (AD FS) servers<\/a>, with Microsoft warning that the group was found to be using a post-exploitation backdoor dubbed FoggyWeb to remotely exfiltrate sensitive data.<\/p>\n<p>The\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/cyber-attacks\/360017\/solarwinds-hackers-target-microsoft-customers\"  class=\"polaris__link\" rel=\"noopener\">group was also blamed for an attack on\u00a0a Microsoft employee\u2019s computer in June<\/a>, implanting 
malware on a device belonging to a customer support agent to obtain information belonging to customers.<\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>      Zach Marzouk<\/p>\n<p>        26 Oct, 2021    <\/p>\n<p>      Microsoft\u00a0has warned its resellers and managed service providers that the hacking group behind\u00a0the SolarWinds cyber attack\u00a0has now turned its attention to the company&#8217;s global supply chain.<br \/>\nThe &#8230;<\/p>\n","protected":false},"author":654,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-42534","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42534","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/654"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=42534"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42534\/revisions"}],"predecessor-version":[{"id":42535,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/42534\/revisions\/42535"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=42534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=42534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=42534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}