Supply chain attacks 2021

 Supply chain attacks 2021 - SolarWinds APT Targets Tech Resellers in Latest Supply-Chain CyberattacksOriginal article: https://threatpost.com/solarwinds-tech-resellers-supply-chain-cybe...

Visit Our Website:- https://www.youtube.com/watch?v=RMq8BN_RBRc



Supply Chain attacks, Espionage, & Russian Hackers. Nobellium targets Tech Resellers in Cyberattacks

The SolarWinds attackers – an advanced persistent threat (APT) known as Nobelium – have started a new wave of supply-chain intrusions, this time using the technology reseller/service provider community to attack their targets.

The activity has affected victims in North America and Europe thus far, researchers said, and the goal is espionage: Nobelium has been linked to Cyber attacks explained  the Russian government’s foreign intelligence service, known as SVR.



According to an analysis from Mandiant and Microsoft, Nobelium isn’t exploiting a vulnerability or, as was the case with SolarWinds, trojanizing legitimate code. Instead, it’s infiltrating reseller networks using tried-and-true tactics like credential-stuffing and phishing, as well as API abuse and token theft, in order to gather legitimate account credentials and privileged access to reseller networks.

From there, Nobelium attempts to pivot and land inside the networks of reseller customers downstream. Once inside a reseller network, it becomes much easier to impersonate the company and exploit the trusted relationship that reseller has with its customers, researchers pointed out.



“Mandiant has investigated multiple intrusions in 2021 where suspected Russian threat actors exploited supply-chain relationships between technology companies and their customers,” said Mandiant senior vice president and CTO Charles Carmakal, via email. “While the SolarWinds supply-chain attack involved malicious code inserted in legitimate software, most of this recent intrusion activity has involved leveraging stolen identities and the networks of technology solutions, services and reseller companies in North America and Europe to ultimately access the environments of organizations that are targeted by the Russian government.”

Since May, Microsoft has observed Nobelium Supply chain attack Solar Winds attacking more than 140 resellers and technology service providers, it said, with about 14 of them succumbing to compromise. However, in its writeup, issued Sunday, the software giant didn’t say how many downstream customers have been affected.

Mandiant’s Carmakal only said that the firm has seen successful intrusions into on-premises and cloud victim environments.



Comments