Microsoft has warned that Nobelium, the hacking group behind the SolarWinds fiasco, has targeted at least 140 resellers and technology service providers in global IT supply chains.
On October 24, Tom Burt, Microsoft Corporate Vice President of Customer Security & Trust said in an advisory that the advanced persistent threat (APT) group, of Russian origin, has now pivoted to software and cloud service resellers in order to “piggyback on any direct access that resellers may have to their customers’ IT systems.”
The Redmond giant says that Nobelium’s latest campaign was spotted in May this year and no less than 140 companies have been targeted, with 14 confirmed cases of compromise.
Nobelium was responsible for the SolarWinds breach, disclosed by Microsoft and FireEye (now known as Mandiant) in December 2020.
SolarWinds systems were breached and an update for Orion software was poisoned and later deployed to approximately 18,000 customers.
The APT then selected a small number of high-profile targets to exploit, including Microsoft, FireEye, the Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Agency (CISA), and the US Treasury.
After the malicious update was pushed through SolarWind’s legitimate channels, malware was planted on these systems, including the Sunburst/Solorigate backdoor.