
Supply chain attacks 2021

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks

Original article: https://threatpost.com/solarwinds-tech-resellers-supply-chain-cybe...

raydenalice

Presentation Transcript


  1. Supply chain attacks 2021

     SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks

     Original article: https://threatpost.com/solarwinds-tech-resellers-supply-chain-cybe...

     Click Here: https://www.youtube.com/watch?v=RMq8BN_RBRc

     The SolarWinds attackers – an advanced persistent threat (APT) known as Nobelium – have started a new wave of supply-chain intrusions, this time using the technology reseller/service provider community to attack their targets. The activity has affected victims in North America and Europe thus far, researchers said, and the goal is espionage: Nobelium has been linked to the Russian government’s foreign intelligence service, known as SVR.

     According to an analysis from Mandiant and Microsoft, Nobelium isn’t exploiting a vulnerability or, as was the case with SolarWinds, trojanizing legitimate code. Instead, it’s infiltrating reseller networks using tried-and-true tactics like credential-stuffing and phishing, as well as API abuse and token theft, in order to gather legitimate account credentials and privileged access to reseller networks. From there, Nobelium attempts to pivot and land inside the networks of reseller customers downstream.

     Once inside a reseller network, it becomes much easier to impersonate the company and exploit the trusted relationship that reseller has with its customers, researchers pointed out.

     “Mandiant has investigated multiple intrusions in 2021 where suspected Russian threat actors exploited supply-chain relationships between technology companies and their customers,” said Mandiant senior vice president and CTO Charles Carmakal, via email. “While the SolarWinds supply-chain attack involved malicious code inserted in legitimate software, most of this recent intrusion activity has involved leveraging stolen identities and the networks of technology solutions, services and reseller companies in North America and Europe to ultimately access the environments of organizations that are targeted by the Russian government.”

     Since May, Microsoft has observed Nobelium attacking more than 140 resellers and technology service providers, it said, with about 14 of them succumbing to compromise. However, in its writeup, issued Sunday, the software giant didn’t say how many downstream customers have been affected.

  2. Mandiant’s Carmakal only said that the firm has seen successful intrusions into on-premises and cloud victim environments.

     “This attack path makes it very difficult for victim organizations to discover they were compromised and investigate the actions taken by the threat actor,” Carmakal said. “Investigating these intrusions requires collaboration and information-sharing across multiple victim organizations, which is challenging due to privacy concerns and organizational sensitivities.”

     The approach is also particularly effective for Nobelium because it allows the cyberattackers to avoid dealing with what could be strong defense measures at the end-user targets, he added.

     “It shifts the initial intrusion away from the ultimate targets, which in some situations are organizations with more mature cyberdefenses, to smaller technology partners with less mature cyberdefenses,” he said.

     If successful, an attack could allow for data theft, reconnaissance, compromise of customer systems and more.
