‘SolarWinds Hackers’ Now Hitting Resellers: 5 Things To Know
From leveraging anonymous infrastructure and taking advantage of delegated administrative privileges to gaining access to virtual machines, here’s how the group behind the SolarWinds attack is going after resellers.
1. SVR’s Spying Efforts Continue Unabated Post-SolarWinds
The SolarWinds hackers have targeted more than 140 IT resellers and service providers and compromised as many as 14 since May in a new surveillance effort. The attacks on resellers have been part of a larger wave of SVR activities this summer, with Microsoft notifying 609 customers since July 1 that they’ve been attacked 22,868 times by the SVR, with a success rate in the low single digits.
In comparison, Microsoft had notified customers about attacks from all nation-state actors 20,500 times in the three years leading up to July 1, 2021. The attack path against resellers and service providers has been used to obtain access to both on-premises and cloud victim environments, according to Carmakal.
“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government,” Burt wrote in a blog post Sunday.