About 140 resellers and technology service providers have fallen victim to Nobelium, the alleged Russian state actor behind the SolarWinds Orion cyberattacks, since May 2021.
The Nobelium attacks are believed to use password spray and phishing to steal credentials and gain privileged access, Microsoft says in a blog post.
In the post, Microsoft writes: “We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organisation’s trusted technology partner to gain access to their downstream customers.
“We began observing this latest campaign in May 2021 and have been notifying impacted partners and customers while also developing new technical assistance and guidance for the reseller community.
“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium.
“We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.
“Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful.”