Phnom Penh Post

Russia hackers behind new US cyberattack: Microsoft

Microsoft has warned of a new hack. AFP

The “state-backed” Russian hacking group that carried out last year’s massive SolarWinds cyberattacks is behind a new and ongoing assault against US and European targets, Microsoft said on October 25.

The software giant’s Threat Intelligence Centre (MSTIC) said in a blog post that the Nobelium group was attempting to gain access to customers of cloud computing services and other IT service providers to infiltrate “the governments, think tanks, and other companies they serve”.

Describing the cyberattack as “nation-state activity”, MSTIC said it “shares the hallmarks” of the assault on SolarWinds, a software company based in the US state of Texas that was targeted because its 300,000-strong customer base gave the hackers access to a huge number of companies.

“It appears the widespread SolarWinds Russia-linked hackers from last year’s attack are again on the hunt for sensitive data and stepping up supply chain attacks across the board,” Wedbush analyst Dan Ives said in a note to investors.

Washington imposed sanctions in April and expelled Russian diplomats in retaliation for Moscow’s alleged involvement in the SolarWinds attack, as well as election interference and other hostile activity.

The latest attack has been underway since at least May, MSTIC said, with Nobelium deploying a “diverse and dynamic toolkit that includes sophisticated malware”.

“Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global IT [information technology] supply chain,” Microsoft vice-president Tom Burt wrote in a blog post published late on October 24.

This time, Burt noted, Nobelium is targeting “resellers” – companies that customise Microsoft’s cloud computing services for use by businesses and other organisations.

“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” he wrote. “We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.”

Microsoft said it had notified known victims of the latest attack. While it did not specify any of the organisations hit, it noted they included “victims of interest for intelligence gain”.

The software company urged its customers to check on their security arrangements, using multi-factor authentication where possible.

It is not the first time Nobelium has mounted a comeback since SolarWinds, with Microsoft announcing in May that it had again detected a series of attacks by the group on government agencies, think tanks, consultants and other organisations.

Burt said the speed of the attacks was escalating, with Microsoft notifying more than 600 customers this year of nearly 23,000 attempted intrusions.

While the success rate was only “in the low single digits”, this compares to “attacks from all nation-state actors 20,500 times over the past three years”.

The past year has seen a number of high-profile cyberattacks with major consequences as companies increasingly find themselves unable to do business when their online infrastructure is compromised.
