The hackers have been hitting a different part of the supply chain than in the 2020 breach: companies that buy and distribute software and manage cloud computing services. Microsoft did not name the victim companies or identify the ultimate targets of the alleged Russian spies.
“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian government,” said Tom Burt, Microsoft’s corporate vice president, customer security and trust.
The hackers have tried to break into more than 140 software resellers and other tech firms through common techniques such as phishing, according to Microsoft. The ultimate goal is to “impersonate an organization’s trusted technology partner to gain access to their downstream customers,” Burt said.
It’s the latest insight on a Russian group that has in the last two years confounded US government and corporate defenses.
The hackers are best known for using tampered software made by federal contractor SolarWinds to breach at least nine US agencies in activity that came to light in December 2020. The attackers were undetected for months in the unclassified email networks of the departments of Justice, Homeland Security and others.
The Biden administration in April attributed the spying campaign to Russia’s foreign intelligence service, the SVR, and criticized Moscow for exposing thousands of SolarWinds customers to malicious code. Moscow has denied involvement.
— CNN Business’ Jordan Valinsky contributed to this report