In The Line Of Fire
The Russian foreign intelligence service (SVR) has set its sights on resellers and other service providers in a months-long campaign to gain administrative-level access and spy on their customers, Microsoft said Sunday. The campaign comes months after the SVR compromised nine federal agencies as well as more than 100 private sector organizations through a flaw in the SolarWinds Orion network monitoring tool.
“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers,” said Tom Burt, Microsoft’s corporate vice president of customer security and trust. The SVR is also known as APT 29, Cozy Bear and Nobelium.
Mandiant is working with organizations impacted by the SVR’s latest effort and has seen downstream victims in North America and Europe, with intrusion activity still ongoing, a company spokesperson said. From leveraging anonymous infrastructure and taking advantage of delegated administrative privileges to gaining access to virtual machines, here’s how Russian hackers are going after IT solution providers.