Cybersecurity advisory

Microsoft Says SolarWinds Hackers Continuing Cyberattacks Through Resellers

Technology company Microsoft said the group responsible for the SolarWinds hack continues to execute cyberattacks against the company’s customers through resellers.

Microsoft said in a blog post published on Monday that Russian government hackers, which the company named Nobelium, exploit existing technical trust relationships between resellers and the organizations they serve. A separate post from Microsoft Vice President Tom Burt stated that up to 14 resellers are likely to have been compromised in recent months while Nobelium targeted over 140 partner organizations. He added that more than 600 Microsoft customers were targeted between July and October, Nextgov reported.

While the software company said the attacks are not because of security vulnerabilities in their products, CrowdStrike and other cybersecurity entities disagree. CrowdStrike CEO George Kurtz said in February that flaws in Microsoft’s authentication architecture allowed bad actors to bypass multifactor authentication measures and sign in as a compromised user even if victims reset their passwords.

Microsoft recommended that customers implement MFA and other cybersecurity practices to mitigate risks. The organization will also enforce cyber requirements for its resellers. The Cybersecurity and Infrastructure Security Agency agreed with Microsoft’s recommendations.

Nobelium used basic password guessing and brute force tactics to hack SolarWinds’ platforms and infiltrate users’ systems in late 2020 and into 2021. The incident resulted in nine federal agencies getting compromised. U.S. officials attributed the activity to Russia’s foreign intelligence service.