Microsoft released an advisory yesterday warning that the hackers behind the SolarWinds attacks are back at it again, targeting at least 140 global resellers and technology service providers in global IT supply chains. The group, known as Nobelium, is of Russian origin and has pivoted to software and cloud service resellers since the SolarWinds attacks. Microsoft believes this is so that the group may capitalize on any direct access resellers may have to their customers’ IT systems.
Nobelium’s latest campaign was discovered in May of this year and there have been 14 cases of compromisation to date. Microsoft was one of the leading organizations impacted by the SolarWinds breach, along with the Cybersecurity and Infrastructure Security Agency, the US Treasury, the Department of Homeland Security, and FireEye. SolarWinds systems were breached and an update for Orion software was tampered with and later distributed to 18,000 customers, leading to the additional breaches.
Read More: SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns