Microsoft says the cybercriminals behind the malicious activity attempted password spraying and brute force attacks against several customers' accounts. The activity has been largely unsuccessful, but it is yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise plenty of entities never really went away.
Both password spray and brute force attacks attempt to gain unauthorized access to an online account by guessing a password. Password spray attacks aim to evade countermeasures by using the same passwords across numerous accounts at the same time, while brute force attacks repeatedly try many different passwords on a single account.
Microsoft further says it has found additional attacks by the Russian state-sponsored Nobelium hacking group, including a hacked computer of a support agent that displayed information about customers’ subscriptions. Nobelium is Microsoft’s term for a Russian-based state-sponsored cybercriminal group suspected of being behind the SolarWinds supply-chain cyberattacks.
The group has now targeted Microsoft for the second time, following the company’s disclosure earlier this month that attackers had gained access to its network and were able to see source code linked to its products and services, including Azure, Intune, and Exchange services.
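The difference described above shows up clearly in failed sign-in logs. The following is an added example, not code from Microsoft or from the original article; the event layout, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

BASE = 1_624_000_200  # constructed epoch start, aligned to a 600 s window

# Constructed sample events: (epoch_seconds, source_ip, username, success)
SAMPLE_EVENTS = (
    # Spray: one source tries one password against 12 different accounts
    [(BASE + i * 5, "203.0.113.10", f"user{i:02d}", False) for i in range(12)]
    # Brute force: 25 different guesses against a single account
    + [(BASE + i * 2, "198.51.100.7", "admin", False) for i in range(25)]
    # Benign: a user mistypes twice, then signs in
    + [(BASE + 10, "192.0.2.44", "alice", False),
       (BASE + 20, "192.0.2.44", "alice", False),
       (BASE + 30, "192.0.2.44", "alice", True)]
)

def detect(events, window=600, spray_accounts=10,
           spray_per_account=3, brute_failures=20):
    """Classify failed sign-ins per fixed time window.

    Returns a sorted list of (kind, subject) findings, where subject is
    the targeted account for brute force and the source IP for a spray.
    Thresholds are illustrative assumptions, not vendor guidance.
    """
    by_source = defaultdict(lambda: defaultdict(int))  # (bucket, ip) -> user -> failures
    by_account = defaultdict(int)                      # (bucket, user) -> failures
    for ts, ip, user, ok in events:
        if ok:
            continue
        bucket = ts // window
        by_source[(bucket, ip)][user] += 1
        by_account[(bucket, user)] += 1

    findings = set()
    # Brute force: many failures on ONE account, counted across all sources.
    for (_, user), count in by_account.items():
        if count >= brute_failures:
            findings.add(("brute_force", user))
    # Spray: one source, MANY accounts, few tries each, so per-account
    # lockout counters never trip and only the per-source view shows it.
    for (_, ip), users in by_source.items():
        if len(users) >= spray_accounts and max(users.values()) <= spray_per_account:
            findings.add(("password_spray", ip))
    return sorted(findings)

if __name__ == "__main__":
    for kind, subject in detect(SAMPLE_EVENTS):
        print(f"{kind}: {subject}")
```

Grouping by source IP is the simplest pivot; a spray distributed across many addresses needs a different grouping key, such as user agent or network range.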
Microsoft said Nobelium targeted IT companies, governments, non-profits, think tanks, and financial services entities in 36 countries during the recent attack. “The activity was largely focused on U.S. interests, about 45%, followed by 10% in the U.K., and smaller numbers from Germany and Canada,” the US-based software giant stated in a blog post.
Microsoft advised the customers concerned to be careful when communicating with their billing contacts, to consider changing their usernames and email addresses, and to prevent users from logging in with outdated credentials.
The recent Microsoft and SolarWinds cyberattacks have raised concerns among government and industry security professionals that Russian hackers are making a long-standing and purposeful effort to break into United States tech firms and use them as a back door to government and business targets. A SolarWinds spokeswoman said of the matter, “The latest cyberattack reported by Microsoft does not involve our company or our customers in any way.”
The Biden administration announced a series of measures against Russia in April, citing the SolarWinds cyberattack, among other things. The measures have been denounced by Russia. Since then, the Russian-affiliated hackers have made it obvious that they plan to keep attacking. In May, Microsoft found that the hackers were behind a phishing campaign that targeted 3,000 email accounts belonging to employees at more than 150 organizations.