
SolarWinds Hacker Group At It Again

Microsoft announced yesterday that the hacker group responsible for last year's SolarWinds breach is again targeting the global supply chain via technology providers and cloud sources that “customize, deploy and manage” customers’ IT services. They are hitting U.S. government entities again too, like the Department of Homeland Security. If you need a refresher, the Russian state-sponsored hacker group, Nobelium, launched an enormous cyberattack in the spring of 2020 by hiding malicious code in a SolarWinds software update. This ultimately resulted in SolarWinds, an IT management tools company, acting as ground zero for a massive data breach that extended to thousands of organizations and nine U.S. government agencies.

What Are the Hackers After?

Microsoft stated in its report, "We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers' IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers." This essentially means Nobelium is duplicating the SolarWinds breach model that afforded them massive hacker success. These breaches “Trojanize” standard software and updates to allow hackers to infiltrate systems, steal data, and generally wreak havoc on unsuspecting firms’ technology and information security. In short, the big why boils down to the Russian government’s desire to aggressively gain widespread, sustained access to the technology supply chain so they can surveil targets of interest. When you think about it, what better way for a hacker group to infiltrate a target organization’s technology than by implanting malicious code in the technology tools delivered to them by their trusted technology partners? Evil genius? Perhaps. Incredibly dangerous for industry, global supply chains, and national security? Most certainly.

How Long Has This Been Going On?

As you may know, by the time we learned about the 2020 SolarWinds breach and its widespread fallout, the assaults had been going on for many months. And this time appears no different. Microsoft said that in May 2021 it alerted up to 140 IT service providers and resellers it believed were targeted by the hacker group, and another 609 customers were notified between July and October. Why they waited so long to go public with this information is anyone's guess. But even as they expose it now, the attack on the global supply chain continues.

What Does the White House Have to Say?

The Biden administration has been mostly mum about this latest threat, instead deferring to the Microsoft report. On a more general note, deputy press secretary Karine Jean-Pierre did state on Monday, “The federal government is aggressively using our authorities to protect the nation from cyberthreats, including helping the private sector defend itself through increased intelligence sharing, innovative partnership to deploy cybersecurity technologies, bilateral and multilateral diplomacy, and measures we do not speak about publicly for national security reasons." While some national security and cybersecurity experts question what they deem a limited approach to thwarting Russian-backed cyberattacks, there are geopolitical risks and other factors that almost certainly play major roles in determining counterefforts or sanctions. In the meantime, the Russian government and its operatives seem to be continuing this campaign unfettered and with impunity.

So How Do Businesses Protect Themselves?

Cyber and national security experts have been sounding an alarm for years about increasing global threats. Still, it feels like many organizations are sitting ducks, either oblivious to the dangers, unwilling to invest more in their cybersecurity, or somehow believing they just won’t get hit. Ten years ago, many organizations that fell victim to breaches felt almost immune to another; but today a successful cyberattack on your business almost guarantees your systems will be targeted again. Penetration Testing and Vulnerability Assessments are your first lines of defense against bad actors attempting to infiltrate your systems. Penetration Testing, also referred to as Ethical Hacking, is a simulated cyberattack on your systems conducted by cybersecurity experts who test servers, networks, applications, and system entry points to identify weaknesses. These are invaluable tools and foundational to virtually every cybersecurity strategy.

Awareness Is Key

I can assure you this won’t be the last we hear from Nobelium or other hacker groups working on behalf of foreign governments. Espionage, sabotage, and cybercrime sadly aren’t going away anytime soon. But knowledge is power. And anyone who cares to listen understands the dangers. My hope is that we continue to move toward an increasingly cybercentric world in which industry, technology, and governments work together to identify and mitigate global cybersecurity threats.

Stig Ravdal is the President & Founder of Ravdal, Inc., a leading cybersecurity company. He is an expert in the fields of cybersecurity strategy and technology solutions, and is available for speaking engagements. Continuous Penetration Testing is one of the most effective ways to safeguard your systems and data.
