The truce is already over. A hacker attack by the Russian secret services hits the United States again. The alarm starts from Microsoft: in a note published this Sunday, the company founded by Bill Gates denounced “a vast campaign” underway by Russian intelligence to “obtain systematic and long-term access to a variety of points of the supply chain ”and“ establish a mechanism to monitor – now or in the future – the objectives of interest to the Russian government ”.
Behind the attack, explains Tom Burt, one of Microsoft’s security officers, is said to be “the Russian state actor Nobelium”. It is the hacker collective responsible for the attack on the software company Solar Winds in 2020 and identified by the US government as part of the SVR, the Russian secret service agency of President Vladimir Putin , heir to the Soviet KGB.
The cyber campaign has been underway since last May, the company unveils, and has hit the cloud services of hundreds of Microsoft’s resellers, with an increasing pace: from July 1 to October 19, 22,868 attacks against 609 resellers were recorded, although only “a small fraction” of the attacks were successful. According to the New York Times, the target of the 007 in Moscow would be a wider audience: “Thousands of American government networks, companies and think tanks”.
A large-scale operation, but not particularly sophisticated. Hackers got in using techniques known as phishing – stealing a password through a malware-infected email. “Simple, routine operations that could have been avoided if cloud service providers had implemented basic cyber security practices,” a senior US government source confesses to the New York Times.
However, the relative impact of the hacker attack does not detract from its political significance. Just four months ago, in a June meeting in Switzerland, in Geneva, US President Joe Biden asked Putin to put a stop to attacks by hackers linked to the Kremlin and to consider attacks against a list of infrastructures “off-limits” criticisms.
But not even the shadow of progress. “I have not seen any significant change – admitted two weeks ago the director of the American Cybersecurity Agency (Cisa) Jen Easterly – and a serious problem”. Biden’s ultimatum to Putin in June had solid reasons. Between the winter of 2020, close to the presidential elections, and the summer of 2021, the United States was hit by a record wave of cyber attacks attributable to Russian intelligence agencies.
After the Solar Winds case, which exposed the vulnerability of an entire supply chain, in July it was the turn of Kaseya, another software company hacked by the Kremlin. And Nobelium’s return to action is just the tip of the iceberg. In a report released last week, Microsoft accused the Russian government of being responsible for 58% of all government-entity hacking attacks in 2021, followed by North Korea, Iran and China. To avert a new intrusion, the Redmond giant is ready to introduce new security measures, including contractual obligations to force its retailers to comply with the cybersecurity practices indicated by the company.
