Microsoft warns that Nobelium, the Russian cybercriminal group behind the SolarWinds attack, is back to work with a massive hacking campaign. Here's what we know

Nobelium, the Russian organization of cybercriminals responsible for the large SolarWinds cyberattack, which started from the Texan company of the same name and involved nine government agencies and thousands of US companies, has returned to work. Microsoft, also a victim of the SolarWinds case, wrote about it in a post on its blog dated 24 October.
WHAT MICROSOFT SAYS
In the post Microsoft explains that Nobelium is carrying out a new hacking campaign targeting the "supply chain" of technological services, that is, the set of providers of software and cloud systems to businesses.
THE NEW WAVE OF ATTACKS
Microsoft says it informed 609 customers between July 1 and October 19 that they were attacked 22,868 times by Nobelium, but the group's attempts were mostly unsuccessful: the success rate is in the single digits. These are unsophisticated attacks: the criminals are not trying to exploit some flaw or vulnerability in the software, but are using "well-known" techniques to try to steal login credentials. According to Microsoft, the wave of cyberattacks indicates that Russia, which sponsors Nobelium as well as other cybercriminal gangs, "is trying to gain long-term, systematic access to a variety of points in the technology supply chain, and to establish a mechanism to monitor - now or in the future - the targets of interest to the Russian government". According to US administration officials, the (few) cases of actual breach could have been avoided if only cloud service providers had implemented basic cybersecurity practices.
WHAT THE AMERICAN GOVERNMENT DOES
This year the United States was hit by a long series of cyberattacks attributable to Russian or pro-Russian organizations: the most notable cases were those against the Colonial Pipeline, the JBS meat processing plant and the Kaseya software company. Moscow denies being responsible or involved in these attacks. During the Geneva summit with Vladimir Putin, US President Joe Biden provided his counterpart with a list of sixteen sectors that are critical to the United States and which, if hit by cyberattacks, will trigger a response from Washington. Recently the United States coordinated a cyber operation involving several countries against the Russian cybercriminal group REvil, linked (directly or indirectly) to the attacks on the Colonial Pipeline, JBS and Kaseya: the gang's servers were compromised and its network infrastructure is offline.
ECONOMIC DAMAGES
A Treasury Department report published last week states that in the first six months of 2021, American companies made payments related to ransomware attacks (those that block data and demand payment of a ransom) totaling 590 million dollars: more than the figure recorded in the whole of 2020 (416 million). The data, it says, "indicates that ransomware is a growing threat to the US financial sector, businesses and the public."