Russian agency behind Solarwinds still targeting US: Microsoft

The Russian-based agency behind the enormous SolarWinds cyberattack that targeted an array of United States federal agencies last year has continued to target hundreds more US companies and organisations in its latest wave of attacks, the Microsoft company has said.

In a blog post, Microsoft, said the Russian agency Nobelium’s latest wave targeted “resellers and other technology service providers” of cloud services. Those attacks were part of a broader campaign this year, Microsoft said, adding it had notified 609 customers between July 1 and October 19 that they had been attacked. The customers were targeted a total of 22,868 times, it added.

Just a small percent of the latest attempts were successful, Microsoft told the New York Times, which first reported the breach.

US officials confirmed to the newspaper that the operation was under way, with one unnamed senior administration official calling it “unsophisticated, run-of-the-mill operations that could have been prevented if the cloud service providers had implemented baseline cybersecurity practices”.

Microsoft, meanwhile, called the recent activity “another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government”.

Last year, it was revealed that hackers had exploited vulnerabilities in software, including that distributed by the US-based SolarWinds company, to hack at least nine federal agencies and more than 100 private companies.

The incident was particularly disconcerting because it went undetected for more than a year. In February, legislators grilled officials from SolarWinds, Microsoft, and the private security company FireEye about the ordeal.

The US intelligence community determined with “high confidence” the Russian government was behind the intrusion.

In April, US President Joe Biden announced a series of sanctions against Russian entities and the expulsion of diplomats in response to the hacking and other alleged Russian transgressions, including election interference.

Moscow has repeatedly denied responsibility for the hack.