You may remember the infamous SolarWinds hack that impacted a number of large government agencies and companies in the U.S. last year. It was one of the largest cyber-breaches in recent history and the hackers haven’t given up yet.
Microsoft recently issued a statement warning that the group of hackers, dubbed Nobelium, who is believed to be behind the SolarWinds breach are attacking again, this time in multiple countries around the world.
So, what do you need to know about this latest hack and the ones that came before it?
The SolarWinds hack
Let’s go back to where this all began – the SolarWinds breach.
In December 2020, authorities in the U.S. became aware of a massive cyberattack on a number of important government departments. This was achieved by hackers infiltrating SolarWinds, a company that sells network management software to a huge range of companies and government agencies around the world.
The hackers apparently built a backdoor into the Orion software provided by SolarWinds and used it to contaminate software updates. This may have happened as early as March 2020. Around 18,000 users of Orion were then expected to have installed infected software updates.
Once inside these systems, the hackers could continue to install further malware. Although it’s believed not all those who downloaded the infected software have been exploited with the hackers choosing to target their victims wisely.
Who was impacted?
Amongst the thousands of infected users were a number of crucial government departments in the U.S. This included the U.S. Treasury, Department of Commerce and Homeland Security.
Some Fortune 500 companies were also on the list including Intel, NVIDIA, and Microsoft.
Who’s behind the SolarWinds attack?
The SolarWinds hack is believed to have come from a “nation with top-tier offensive capabilities,” according to FireEye CEO, Kevin Mandia.
In April the U.S. pointed the finger at Russia. President Biden signed an executive order to impose a number of sanctions in order to deal with the threat of foreign interference from Russia.
A number of countries, including Australia, threw their support behind the U.S. in blaming Russia for the SolarWinds hack.
What is this new hack?
On May 28, Microsoft released a statement explaining that the hackers behind the SolarWinds breach had implemented a new attack.
“This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations,” Microsoft said.
“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations. While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries.”
The attack seems to once again be targeting certain companies, with a quarter of the impacted companies being involved in international development and human rights work.
“These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts,” Microsoft said in its statement.
The hack was implemented via phishing emails distributed by the Constant Contact account of USAID.
Microsoft has pointed out the reasons these attacks are worth paying attention to. It seems Nobelium’s endgame is to achieve access via piggybacking on software updates and mass email providers. This increases the chance of collateral damage and undermines the technology ecosystem.
Microsoft also stated that the activities of bad actors often relate to issues of concern from the country they operate within.
The tech giant used the Russian hacking group, Strontium, as an example. It previously attacked healthcare organisations during the pandemic and political groups during the U.S. election.
Acts like this coming out of Russia has led to Microsoft’s belief that another Russian group, Nobelium was to blame, due to the choice to target human rights organisations.
“This is yet another example of how cyberattacks have become the tool of choice for a growing number of nation-states to accomplish a wide variety of political objectives, with the focus of these attacks by Nobelium on human rights and humanitarian organizations,” Microsoft said.
It’s unclear right now which other countries were targeted in this latest hack.
What can we do about attacks like this?
Microsoft issued an update shortly after its statement, saying the security community should “feel good” about the work that’s been done to limit the damage from this attack. It said its services like Microsoft Defender Antivirus have been successful in identifying and protecting against the malware in this attack.
The company issued a reminder to everyone to use basic cybersecurity hygiene such as using multi-factor authentication, installing strong antivirus software and being careful to not click on email links unless their credibility can be verified.
It’s a good reminder for individuals and businesses to practice and enforce proper privacy and security habits when operating online, both at work and at home.