Microsoft Says Russia Hacked at Least 14 IT Service Providers this Year (therecord.media) 29
Microsoft said on Monday that a Russian state-sponsored hacking group known as Nobelium had attacked more than 140 IT and cloud services providers, successfully breaching 14 companies. From a report: The Microsoft Threat Intelligence Center (MSTIC) said the attacks were part of a planned campaign that began in May this year. The attacks included spear-phishing campaigns and password-spraying operations that targeted employees of companies that manage IT and cloud infrastructure on behalf of their clients. "We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers' IT systems and more easily impersonate an organization's trusted technology partner to gain access to their downstream customers," said Tom Burt, Corporate Vice President for Customer Security & Trust at Microsoft.
Re: (Score:3)
Re: (Score:2)
Nice way to slide in the inferred lie that the major cloud providers weren't also hacked left, right and center.
Re: Hooray for Microsoft Windows. (Score:2)
Re: (Score:2)
That may inadvertently be the best interpretation of the Microsoft claims. People got in using 'well-known techniques, like password spray and phishing, to steal legitimate credentials and gain privileged access'.
Nothing in any way advanced and the Russia link was pulled out of the air to divert from their (relatively) sloppy security policies.
So how do we know if we were compromised (Score:2)
Re: (Score:1)
This is the best part right here: "Microsoft did not reveal the names of any of the 14 IT and cloud service providers successfully compromised in this campaign."
Professional courtesy
Re: (Score:1)
True story: Once upon a time my parents paid someone to hack me. This person they hired couldn't, and confessed this to me directly from a former friend's hacked IM account, then went on to say it didn't matter because they'd be paid in full anyway just for claiming to have hacked me, and nobody else would bother to verify it. I wouldn't have believed it at all, having had no interaction with my estranged parents for decades by then, until dozens of other random estranged relatives and former co-workers came
Re: (Score:1)
Hey FBI, this poster is guilty of TREASON.
Re: (Score:2)
Nice narcissistic rant there bro. You might want to add that you then magically "hacked" the hacker to get pictures of his girlfriend, whom you eventually married. Think how kewl that makes you sound.
Re: (Score:2)
Re: (Score:1)
(This is how you can tell they actually know and are in damage control mode.)
Re: (Score:1)
Also the estimate of "over 140" targets attacked is probably short by a few billion.
Re: (Score:1)
It's supposed to be the FBI but they're the first organization the Russians compromised.
How to get rid of Russia? (Score:1)
Re: (Score:1)
Since the Russian gov't doesn't seem to want to prosecute them, kidnappings may be in order.
Re: (Score:1)
Re: (Score:1)
Same solution either way: kidnap them and bring them to justice.
Re: (Score:1)
and/or nuke Microsoft.
Can we have a list of all hacking? (Score:1)
How much by China, the US, Israel?
Nobelium (Score:2)
By the way, I doubt it very much that a programmer from Russia with his level of English (usually only enough to read technical documentation in English) can come up with such a name as "Fancy Bear". It's too idiomatic. Russian media even struggle to translate "Fancy Bear" to Russian in the news. Too many meanings of the word "fancy". They don't know which one to choose.
Who named the bear? [Re:Nobelium] (Score:4, Informative)
...By the way, I doubt it very much that a programmer from Russia with his level of English (usually only enough to read technical documentation in English) can come up with such a name as "Fancy Bear".
Correct. Nobody knows what (if anything) they call themselves; the name "Fancy Bear" was the tag given by security researchers in the US, derived from the coding terminology that Crowdstrike uses for hacker groups. "Fancy" refers to "Sofacy", a word in the malware.
See: https://www.crowdstrike.com/bl... [crowdstrike.com] https://en.wikipedia.org/wiki/... [wikipedia.org] https://www.wired.com/story/ru... [wired.com]
Re: (Score:2)
Posting to undo moderation; I intended to mark it insightful and Slashdot’s one-click no-confirmation system screwed the pooch.
14 Microsoft IT Service Providers (Score:2)
Are they giving any evidence to support their claims? (Score:1)