Microsoft says Nobelium, the Russian nation-state hacking group behind the massive Solarwinds attack, is back. This time they’re targeting a different area of the supply chain.

According to Microsoft, Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. This is the same group that carried out attacks on SolarWinds customers in 2020.

Now, Nobelium is attacking resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers.

Tom Burt is Microsoft‘s corporate vice president of customer security and trust.

Microsoft’s Tom Burt

“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers,” he said in a blog. “We began observing this latest campaign in May 2021 and have been notifying impacted partners and customers while also developing new technical assistance and guidance for the reseller community.”

Mounting Targets

Since May, Microsoft has notified more than 140 resellers and technology service providers that have been targeted by Nobelium, Burt said.

“We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised,” he said. “Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers and their customers take timely steps to help ensure Nobelium is not more successful.”

These attacks have been a part of a larger wave of Nobelium activities this summer, according to Microsoft. Between July 1 and Oct. 19, Microsoft informed more than 600 customers that they had been attacked nearly 22,900 times by Nobelium, with a success rate in the low single digits.

In comparison, prior to July 1, Microsoft had notified customers about attacks from all nation-state actors 20,500 times over the past three years.

Scroll through our slideshow above for more on Nobelium, and more from Microsoft and other cybersecurity experts.