Microsoft resellers warned of Nobelium attacks on IT supply chain

Microsoft believes that 22,868 attacks have been conducted against 609 partners since July

Microsoft has warned its resellers and managed service providers that the hacking group behind the SolarWinds cyber attack has now turned its attention to the company's global supply chain.

The tech giant said it believes the Russian state-backed hacking group, known as Nobelium, ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems, impersonating an organisation’s trusted technology partner to more easily gain access to its downstream customers.

Microsoft said that the attacks used well-known techniques, like password spray and phishing, to steal legitimate credentials and gain privileged access. It began observing Nobelium’s latest campaign in May 2021 and has been notifying affected partners and customers.

So far, the company has notified over 140 resellers and technology service providers currently being targeted by the group. It also believes as many as 14 resellers and service providers have already been compromised.

These attacks have been part of a larger wave of Nobelium activities this summer, the company said. Between 1 July and 19 October, Microsoft believes that 22,868 attacks were conducted by the group against 609 customers, with a success rate in the low single digits. As a comparison, before 1 July, approximately 20,500 attacks from nation-state hackers were recorded over the course of three years.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” said Tom Burt, corporate vice president of Customer Security & Trust.

Drawing on what it has learned over the past several months, Microsoft is working on improvements to better secure and protect its technology partners. These include a programme, launched on 15 October, that provides two years of an Azure Active Directory Premium plan for free to strengthen security controls. It is also piloting new granular features for organisations that want to provide privileged access to resellers.

It's also piloting improved monitoring to help partners and customers manage and audit their delegated privileged accounts and remove unnecessary authority, as well as auditing unused privileged accounts and working with partners to assess and remove unnecessary privilege and access.

The company also revealed it has been coordinating with the security community, including government agencies in the US and Europe, to improve its knowledge of Nobelium’s activity. It believes it is in a much better position to defend against these threats thanks to the US cyber security executive order and information sharing between industry and government.

In September, it emerged that Nobelium was stealing data from Active Directory Federation Services (AD FS) servers, with Microsoft warning that the group was found to be using a post-exploitation backdoor dubbed FoggyWeb to remotely exfiltrate sensitive data.

The group was also blamed for an attack on a Microsoft employee’s computer in June, in which malware was implanted on a device belonging to a customer support agent to obtain information belonging to customers.
