Russia-Linked Hackers Are Targeting U.S. Computer Networks In Massive Operation, Microsoft Warns

Updated Apr 21, 2022, 08:19am EDT

Topline

A hacker group linked to Russia’s intelligence agency has been engaged in a major campaign to gain access to thousands of government and private computer networks, Microsoft warned on Sunday, signaling that Moscow-backed cyber attacks on the U.S. have continued despite the Biden administration’s sanctions against it.

Key Facts

According to a blog post published by Microsoft, NOBELIUM, the group behind the SolarWinds attack, has been targeting multiple cloud service providers and other IT services organizations based in the U.S. and Europe since May 2021.

Microsoft said it has notified the victims of what it describes as “nation-state” activities and is working with them to expand its investigation on these attacks.

Tom Burt, Microsoft’s vice president of customer security, told the New York Times that NOBELIUM’s current campaign is “very large, and it is ongoing.”

According to the Times, government officials confirmed the operation was aimed at gaining access to data stored on the cloud and seemed to have been backed by Russia’s foreign intelligence agency SVR.

Big Number

22,868. That’s the total number of attacks carried out by NOBELIUM between July 1 and October 19, Burt said in a separate blog post published on Sunday. In total, Microsoft says 609 organizations were affected by the attacks.

Crucial Quote

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” Burt said in his post.

Key Background

In April, U.S. President Joe Biden ordered a series of new sanctions against Russia and expelled several Russian diplomats due to its role in a major hacking campaign that targeted several federal agencies last year. The operation, widely known as the SolarWinds hack, used novel methods to surreptitiously gain access to the computer networks of at least seven government agencies and several major American companies. That attack remained undetected for several months until it was discovered and disclosed by a cybersecurity firm. NOBELIUM, which carried out the hack, has been linked to SVR. In May this year, SVR Director Sergei Naryshkin said he was “flattered” by the accusations of being involved in such a sophisticated attack but denied his agency’s involvement.

Further Reading

Russia Challenges Biden Again With Broad Cybersurveillance Operation (New York Times)
