The group blamed for a devastating cyberattack that compromised US government and corporate networks in 2020 is attempting to replicate the subterfuge, Microsoft announced on Monday.
Nobelium, the hacker group linked to Russia that Microsoft and the US government have identified as being behind the 2020 SolarWinds attack, is now targeting "organizations integral to the global IT supply chain," Microsoft's vice president of customer security and trust, Tom Burt, said in a blog post.
"This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers," Burt said.
"We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers," he added.
The US government alleges that Nobelium is tied to Russia's foreign intelligence service, the SVR.
Microsoft first began to notice the group's renewed activity in May, and has notified over 140 "resellers and technology service providers." It believes up to 14 resellers have been compromised by the Nobelium effort.
Burt said the attacks are part of a wider increase in activity by Nobelium: Microsoft informed 609 customers that they had been attacked 22,868 times by the group between July 1 and Oct. 19. Those attacks had "a success rate in the low single digits."
The SolarWinds cyberattack, which used software updates to compromise thousands of computer systems, led the US to expel 10 Russian diplomats and subsequently impose sweeping sanctions on 32 Russians in retaliation.
A subsequent attack blamed on Nobelium targeted USAID, the US government's foreign aid agency. That attack used USAID's email system to launch a phishing attempt that targeted 3,000 email accounts at over 150 organizations in at least 24 countries. Human rights-focused think tanks, consultant groups and non-governmental organizations were among the targets.