The Nobelium hacker group, accused of being close to the Russian state and of being behind the massive 2020 attack on SolarWinds, is said to have been very active again this year, carrying out nearly 23,000 attacks against 609 companies.

After carrying out one of the biggest cyberattacks in recent years by attacking SolarWinds and its supply chain in 2020, the Nobelium group, accused of being close to the Russian state, is said to have struck again this year. According to Microsoft, which published the results of research on Nobelium on October 24, the group has targeted more than 140 cloud service contractors since May 2021. More than 14 of them have been compromised.

Even worse, “these attacks were part of a larger wave of Nobelium activity this summer”, notes Tom Burt, Microsoft vice president of customer security. Between July 1 and October 19, the American company informed 609 customers that they had been attacked almost 23,000 times by Nobelium, although the success rate was “in a low single-digit range”. Microsoft adds, by way of comparison, that its customers had been attacked “only” 20,500 times by state actors over the past three years.

“Unsophisticated” attacks

Rather than attempts to exploit flaws or vulnerabilities in particular software, these were mostly basic techniques such as phishing or “password spraying”, that is, trying to access a large number of accounts using common passwords.
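The pattern described above (many accounts, few guesses on each) is what separates password spraying from brute force in sign-in logs. The following detection sketch is an added example, not taken from Microsoft's research or from the original article; the event tuples, the function name `detect_spray` and the thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2021, 10, 1, 9, 0)
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]

# Constructed failed sign-in events: (timestamp, source address, account).
# Addresses come from the RFC 5737 documentation ranges.
EVENTS = (
    # One attempt against each of six accounts: the spraying pattern.
    [(T0 + timedelta(minutes=2 * i), "203.0.113.7", u) for i, u in enumerate(USERS)]
    # Eight attempts against one account: brute force, a different pattern.
    + [(T0 + timedelta(seconds=10 * i), "198.51.100.9", "admin") for i in range(8)]
    # A user mistyping their own password twice.
    + [(T0 + timedelta(minutes=m), "192.0.2.4", "alice") for m in (1, 3)]
)


# Thresholds are illustrative assumptions, not values from the article.
def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return {source: accounts} for sources whose failures inside one
    sliding window touch many distinct accounts with few tries on each."""
    by_source = defaultdict(list)
    for ts, source, account in events:
        by_source[source].append((ts, account))

    flagged = {}
    for source, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans at most `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            tries = defaultdict(int)
            for _, account in rows[start:end + 1]:
                tries[account] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                flagged[source] = sorted(tries)
                break
    return flagged


if __name__ == "__main__":
    for source, accounts in detect_spray(EVENTS).items():
        print(f"possible password spraying from {source}: {len(accounts)} accounts")
```

Grouping by source address alone misses failures spread across many addresses, so a rule like this is normally paired with a tenant-wide count of failed sign-ins per time window.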

For Microsoft, while other state-linked actors and other cybercriminal groups also deploy attacks, this campaign “is another indicator that Russia is trying to gain long-term and systematic access to a variety of points in the technology supply chain”. The aim is “to establish a mechanism to monitor – now or in the future – targets of interest to the Russian government”, the American company charges.

“Those who thought SolarWinds was a one-of-a-kind attack missed the obvious. The cybercriminals behind this infamous breach have, unsurprisingly, put it back”, comments Amit Yoran, CEO of cybersecurity firm Tenable. He also describes the attack as “unsophisticated but far-reaching”.

“These are the basics that continue to trip up organizations. What is relatively new over the past twelve months is the strategic and continued focus on the software supply chain”, he continues. “This goes directly back to the supply chain security issues SolarWinds has highlighted: it only takes breaking one link in the chain to bring down the entire perimeter”, he emphasizes.