Last year SolarWinds was hacked by a Russian hacking group, Nobelium. These hackers were behind the successful breach in 2020 for compromising the safety details of companies. Microsoft disclosed that US federal agencies compromised privacy net of 14 technology firms since May as part of another apparent espionage campaign.
Microsoft explained that these hackers have been hitting a different part of the supply chain than in the 2020 breach: companies that buy and distribute software and manage cloud computing services. Although, the name of the victim companies is not disclosed so as not to reveal whom all are these Russian spies targeting.
An official from Microsoft who is closely working on the case mentioned that the Russian hacking group had been leveraging compromised technology vendors to try to infiltrate US and European government networks in previously unreported activity.
Tom Burt, Microsoft’s corporate vice president customer security and trust further added that with this recent activity, it is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling. It is happening now or in the future for the targets of interest to the Russian government.
The spies carefully planned their execution and instead of attacking the website directly, they spiraled it through the indirect method. This is being called a ‘Supply Chain’ attack. Instead of directly attacking the federal government or a private organisation’s network, the hackers target a third-party vendor, which supplies software to them. In this case, the target was IT management software called Orion, supplied by the Texas-based company SolarWinds. Orion has been dominant software from SolarWinds with clients, which include over 33,000 companies. SolarWinds says 18,000 of its clients have been impacted. Incidentally, the company has deleted the list of clients from its official websites after the attack.