Russian-linked Nobelium hacker behind SolarWinds attack strikes again

Oct. 25 (UPI) -- The Russia-linked hacker Nobelium behind the 2020 SolarWinds cyberattacks has struck global information technology supply chains again.

Tom Burt, who serves as corporate vice president of Microsoft's Customer Security and Trust team, warned of the new attack by the Russian nation-state actor Nobelium Sunday in a blog.


"Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain," Burt said in the blog. "This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers.

"We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers' IT systems and more easily impersonate an organization's trusted technology partner to gain access to their downstream customers."

Burt said Microsoft first noticed the new attack in its "early stages" in May and since then has notified more than 140 resellers and technology service providers who were targeted.

Investigators found that 14 of these resellers and service providers were compromised.


The attack against resellers and service providers is part of the Russian-linked hacker's broader activities this summer. From July 1 through Tuesday, Microsoft informed 609 customers of 22,868 attempted attacks with a success rate in the "low single digits."

Prior to July 1, Microsoft notified customers about overall nation-state hacker attempts 20,500 times, including a phishing scheme in May targeting government and organizations through mimicking the United States Agency for International Development.

Earlier this month, Microsoft published a report on digital defense that found Russia was behind 58% of state-backed hacks over the past year.

"The recent activity is another indicator that Russia is trying to gain long-term systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling -- now or in the future -- targets of interest to the Russian government," Burt said in the blog Sunday.

The attack in network security software from SolarWinds last year breached at least nine U.S. federal agencies, along with dozens of companies, including Fortune 500 businesses.

Earlier this year, technology executives testified before Congress that the SolarWinds attack launched in March 2020 and discovered by cybersecurity firm Microsoft and Fire Eye (now known as Mandiant) in December, was unprecedented in scale and sophistication.


"While the SolarWinds supply chain attack involved malicious code inserted in legitimate software, most of this recent intrusion activity has involved leveraging stolen identities and the networks of technology solutions, services, and reseller companies in North America and Europe to ultimately access the environments of organizations that are targeted by the Russian government," Charles Carmakal, Mandiant senior vice president and chief technology officer, said in a statement to

Latest Headlines