[German] A few days ago, further Russian cyberattacks against U.S. companies became known. They follow the pattern of the SolarWinds attack, this time targeting Microsoft partners. Security vendor Tenable criticizes cloud service providers for ignoring basic security practices and thereby abetting these attacks.
New attacks on U.S. institutions
I had reported on the latest attacks on U.S. companies and agencies in the blog post Russian APT29 group Nobelium hacked at least 14 IT service providers, according to Microsoft. In that post, Microsoft accuses state-affiliated Russian hackers from the APT29 group (Nobelium) of successfully attacking and compromising at least 14 IT service providers in 2021. The attacks consisted of phishing and password spraying campaigns, in which the APT29 group (Nobelium) targeted around 140 resellers of cloud and IT services around the world.
The New York Daily Press also addressed the issue in the article Ignoring Sanctions, Russia Renews Broad Cybersurveillance Operation. Russia's intelligence agency has launched another campaign to hack the computer networks of hundreds of U.S. government agencies, businesses and think tanks. The paper likewise cites a warning from Microsoft officials and cybersecurity specialists, issued just months after President Biden imposed sanctions on Moscow in response to a series of sophisticated spying operations it had conducted around the world.
The new campaign is "very extensive and ongoing," Tom Burt, one of Microsoft's top security officers, is quoted as saying in an interview. Government officials confirmed that the operation, which appears to be aimed at acquiring information stored in the cloud, appears to emanate from the S.V.R., the Russian intelligence agency that was the first to penetrate the Democratic National Committee's networks during the 2016 election.
It is not clear how successful Russia's latest cyber campaign has been. Microsoft said it had recently notified more than 600 companies that they were the targets of about 23,000 attack attempts. By comparison, the company had recorded only 20,500 targeted attacks from "all national actors" in the previous three years. Microsoft indicated that a small portion of the recent attempts had been successful, but did not provide details or say how most of the companies had been compromised.
Criticism from Tenable
In this context, security vendor Tenable criticizes the neglect of basic cyber hygiene by many of the affected parties. Tenable quotes a senior U.S. government representative who described the recent cyber attacks as "everyday operations that could have been prevented if cloud service providers had applied basic cybersecurity practices." The representative added: "There's a lot we can do, but the responsibility for implementing simple cybersecurity practices to close their – and by extension, our – digital doors lies with the private sector."
This looks like another supply chain attack, with the same criminals behind SolarWinds now targeting Microsoft resellers. Amit Yoran, Chairman and CEO of Tenable, comments:
Those who thought SolarWinds was a one-off attack failed to see the writing on the wall. The cybercriminals behind the infamous exploit are unsurprisingly at it again. This time they are targeting resellers for Microsoft cloud services with a simple but large-scale attack. The attacks could have been prevented if the companies had taken basic cyber hygiene measures. These include, for example, enforcing multi-factor authentication, implementing strong password policies and robust access management.
Once again, we find that no sophisticated, unprecedented techniques were behind a major cyberattack. It's simply the simple basics that continue to plague organizations. A relatively recent development over the past twelve months is the strategic and continued focus on the software supply chain. This is a direct reflection of the gaping security holes in the supply chain that SolarWinds has pointed out. If just one link in the chain breaks, the entire system can collapse.
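The password spraying named earlier and the basic controls Yoran lists are easier to reason about with a concrete detector. The following is an added example, not code from this article, Tenable or Microsoft: it runs over constructed sign-in log lines (the IP addresses, account names and timestamps are invented) and flags sources that fail against many distinct accounts with only one or two attempts each, then lists any account that signed in successfully from that source within the same window.

```python
"""Flag password-spraying in sign-in logs (added example, not the article's code).
Spraying tries one password against MANY accounts, so each account sees one or two
failures (under lockout thresholds) while the source accumulates failures across
many distinct users; brute force is the opposite pattern: many failures, one user.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample "timestamp,user,source_ip,result" (not real data):
# 203.0.113.7 sprays six accounts and lands one success, 198.51.100.9
# brute-forces a single account, 192.0.2.5 is an ordinary sign-in.
SAMPLE_LOG = """\
2021-10-25T08:00:01Z,alice@partner.example,203.0.113.7,FAILURE
2021-10-25T08:00:04Z,bob@partner.example,203.0.113.7,FAILURE
2021-10-25T08:00:07Z,carol@partner.example,203.0.113.7,FAILURE
2021-10-25T08:00:10Z,dave@partner.example,203.0.113.7,FAILURE
2021-10-25T08:00:13Z,erin@partner.example,203.0.113.7,FAILURE
2021-10-25T08:00:16Z,frank@partner.example,203.0.113.7,FAILURE
2021-10-25T08:00:19Z,grace@partner.example,203.0.113.7,SUCCESS
2021-10-25T08:01:00Z,alice@partner.example,198.51.100.9,FAILURE
2021-10-25T08:01:02Z,alice@partner.example,198.51.100.9,FAILURE
2021-10-25T08:01:04Z,alice@partner.example,198.51.100.9,FAILURE
2021-10-25T08:05:00Z,bob@partner.example,192.0.2.5,SUCCESS
"""


def detect_spraying(text, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {ip: {"users": [...], "compromised": [...]}} for each source that,
    inside one window, fails against at least min_users distinct accounts with
    at most max_per_user failures each; successes from that source in the same
    window are listed as probably compromised accounts."""
    events = defaultdict(list)  # ip -> [(timestamp, user, result)]
    for line in text.splitlines():
        ts, user, ip, result = line.strip().split(",")
        events[ip].append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        failures = [(ts, u) for ts, u, r in evs if r == "FAILURE"]
        for i, (start, _) in enumerate(failures):  # slide the window over failures
            per_user = defaultdict(int)
            for ts, u in failures[i:]:
                if ts - start > window:
                    break
                per_user[u] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                hits = {u for ts, u, r in evs if r == "SUCCESS" and start <= ts <= start + window}
                findings[ip] = {"users": sorted(per_user), "compromised": sorted(hits)}
                break  # one finding per source is enough
    return findings
```

The brute-force source is deliberately not flagged, since lockout policies already handle that pattern; the spraying source is, and its single success is the account to investigate and re-secure first.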
FireEye hacked, Red Team tools stolen
US Treasury and US NTIA hacked
SolarWinds products with SunBurst backdoor, cause of FireEye and US government hacks?
Sloppiness at SolarWinds responsible for compromised software?
News in the fight against SUNBURST infection, domain seized
SUNBURST malware: Analytic Tool SolarFlare, a 'Kill Switch' and EINSTEIN's fail
SUNBURST malware was injected into SolarWind's source code base
SUNBURST: US nuclear weapons agency also hacked, new findings
SolarWinds hack: Microsoft and others also affected?
SUNBURST hack: Microsoft's analysis and news
2nd backdoor found on infected SolarWinds systems
SolarWinds hackers had access to Microsoft source code
SolarWinds hack: Hacker goals; outsourcing are under investigation?
News from the SolarWinds hack; JetBrains software as a gateway?
Kaspersky: SolarWinds Sunburst backdoor resembles Russian ATP malware
SolarLeaks allegedly offers source code from Cisco, Microsoft and SolarWinds
Malwarebytes also successfully hacked by the SolarWinds attackers
Four more security vendors confirm SolarWinds incidents
Accusation: Microsoft failed with security in the SolarWinds hack
SolarWinds: Update for Orion software; attackers had access to top DHS accounts
SolarWinds patches critical Serv-U vulnerability (July 2021)
27 U.S. Attorney's Offices Affected by SolarWinds Hack