Microsoft has warned that nation-state cyber-attacks aren’t slowing and has called for “clear rules” governing nation-state conduct in cyberspace and “clear expectations of the consequences for violation of those rules”.
The clarion call follows another wave of Russian cyber-attacks that has targeted government agencies and human rights groups in 24 countries, most in the US, according to the company.
It said about 3,000 email accounts at more than 150 different organisations had been attacked this past week.
The group responsible – which Microsoft calls Nobelium – was the same one that carried out last year’s SolarWinds attacks, which Russia’s Foreign Intelligence Service (SVR) is accused of orchestrating, Microsoft said.
Russia has denied both cyber-attacks.
In a statement Microsoft said: “This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations.”
“This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations. While organizations in the United States received the largest share of attacks, targeted victims span at least 24 countries. At least a quarter of the targeted organizations were involved in international development, humanitarian, and human rights work.”
“Nobelium, originating from Russia, is the same actor behind the attacks on SolarWinds customers in 2020. These attacks appear to be a continuation of multiple efforts by Nobelium to target government agencies involved in foreign policy as part of intelligence gathering efforts.”
A spokesperson for the US Cybersecurity and Infrastructure Security Agency (CISA) told CBS News that authorities were aware of the attack and were trying “to better understand the extent of the compromise and assist potential victims”.
Microsoft said many of the attacks targeting its customers were blocked automatically. It is not yet clear how many of the attempts led to successful intrusions.
Microsoft was clear about the potential for harm by such actions, however:
“First, when coupled with the attack on SolarWinds, it’s clear that part of Nobelium’s playbook is to gain access to trusted technology providers and infect their customers. By piggybacking on software updates and now mass email providers, Nobelium increases the chances of collateral damage in espionage operations and undermines trust in the technology ecosystem.”
The latest attempted hacks follow the targeting of US company SolarWinds’ Orion platform to access US government departments, about 100 private companies and small numbers of UK organisations.