Microsoft says Russian group behind SolarWinds attack now targeting IT supply chain

18:56 25 October 2021 Source: foxnews.com

Microsoft on Monday warned that the same Russian group behind the SolarWinds cyber attack in 2020 has been attempting to "replicate" that approach, now targeting organizations "integral" to the global IT supply chain—specifically, resellers and technology service providers.

Microsoft Corporate Vice President of Customer Security & Trust Tom Burt shared the "latest activity" the company has observed from Russian nation-state actor Nobelium. Burt, in a blog post, said Nobelium was identified by the U.S. government and others as being part of Russia’s foreign intelligence service, known as the SVR.

"Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain," Burt wrote. "This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers."

Burt added that Microsoft believes Nobelium "ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers."

Microsoft said it began observing Nobelium’s latest activity in May 2021, and said it has been notifying "impacted partners and customers, while also developing new technical assistance and guidance for the reseller community."

"Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium," Burt wrote. "We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised."

Microsoft said it discovered the campaign "during its early stages," and said it is sharing developments with cloud service resellers, technology providers, and customers so they can take "timely steps to help ensure Nobelium is not more successful."

Microsoft said that the attacks on this sector of the global IT supply chain have been a part of a "larger wave" of Nobelium activities over the summer.

Burt said that between July 1 and Oct. 19, Microsoft informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits.

"By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,5000 over the past three years," Burt wrote.

Microsoft warned, though, that the activity is "another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling--now or in the future--targets of interest to the Russian government."

Microsoft, detailing the attacks, explained that it does not appear to be an attempt to "exploit any flaw or vulnerability in software," but rather the utilization of "well-known techniques, like password spray and phishing, to steal legitimate credentials and gain privileged access." Microsoft said that the company "can now provide actionable information which can be used to defend against this new approach."

Microsoft said it has been coordinating with others in the security community, and has been "working closely with government agencies in the U.S. and Europe."

"While we are clear-eyed that nation-states, including Russia, will not stop attacks like these overnight, we believe steps like the cybersecurity executive order in the U.S., and the greater coordination and information sharing we’ve seen between industry and government in the past two years, have put us all in a much better position to defend against them," Burt wrote.


Meanwhile, a senior administration official explained that the activities Microsoft described taking place were "unsophisticated password spray and phishing attempts for the purpose of surveillance that cybersecurity experts say are attempted every day by Russia and other foreign governments and have been for years."

The official said these types of attempts can be prevented if cloud service providers implement "baseline" cybersecurity practices, including multi-factor authentication—a measure to require users to authenticate their accounts with more than a password.

"Broadly speaking, the federal government is aggressively using our authorities to protect the Nation from cyber threats, including helping the private sector defend itself through increased intelligence sharing, innovative partnerships to deploy cybersecurity technologies, bilateral and multilateral diplomacy, and measures we do not speak about publicly for national security reasons," the official told Fox News.

Earlier this year, the Biden administration imposed sanctions on Russia for the SolarWinds computer hack, which began in 2020 when malicious code was snuck into updates to popular software that monitors computer networks of businesses and governments. The malware, affecting a product made by the American SolarWinds, gave elite hackers remote access into an organization's networks so they could steal information.


Earlier this month, Biden hosted virtual meetings with more than 30 countries to "accelerate cooperation to counter ransomware," but the White House did not extend the invitation to Russia, senior administration officials said. The officials noted that the United States and the Kremlin have a "separate channel" where they "actively" discuss the matter.

Officials said that the president established a U.S.-Russia experts group for the U.S. to engage "directly" on the issue of ransomware.

"We do look to the Russian government to address ransomware criminal activity coming from actors within Russia," an official said, adding that the Biden administration has "also shared information with Russia regarding criminal ransomware activity being conducted from its territory."

"We’ve seen some steps by the Russian government, and are looking to see follow up actions and broader international cooperation is an important line of effort, because these are transnational criminal organizations," an official said, adding that they "leverage global infrastructure and money laundering networks to carry out their attacks."

Biden, during his summit in Geneva with Russian President Vladimir Putin in June, raised the issue of ransomware. At the time, Biden said he told Putin that "certain critical infrastructure should be off limits to attack." Biden said he gave a list of "16 specific entities defined as critical infrastructure," saying it ranged from energy to water systems.

Putin, though, during his press conference after the meeting, denied that Russia was responsible for cyberattacks and instead claimed that the most cyberattacks in the world were carried out from the U.S.

Also over the summer, the president signed a national security memo directing his administration to develop cybersecurity performance goals for critical infrastructure in the United States—entities like electricity utility companies, chemical plants, and nuclear reactors.

Meanwhile, the National Counterintelligence and Security Center last week announced it is prioritizing industry outreach efforts in U.S. technology sectors where the stakes are "potentially greatest" for U.S. economic and national security, warning of "nation-state threats" posed by China and Russia.


The NCSC warned that the Kremlin "is targeting U.S. advances through the employment of a variety of licit and illicit technology transfer mechanisms to support national-level efforts, including its military and intelligence programs."

NCSC officials warned that Russia is also "increasingly looking to talent recruitment" and international scientific collaborations to "advance" their domestic research and development efforts. NCSC said, though, that their "resource constraints" have forced the Kremlin to focus on "indigenous" research and development efforts, such as Russian military applications of artificial intelligence.

NCSC warned that Russia uses intelligence services, academics, joint ventures and business partnerships, talent recruitment, foreign investments, government to government agreements, and more to acquire U.S. technologies.

Fox Business' Meghan Henney contributed to this report.
