More SVR activities.
Microsoft has identified extensive new activities by Russia’s SVR foreign intelligence service, which the company tracks as Nobelium and others know as Cozy Bear. The current operations, which Microsoft describes as “very large” and “ongoing,” show no signs of abating. (NSA cyber director Joyce tweeted a link, with approval and advice.) Microsoft notes that this is the same actor that was behind the SolarWinds attacks last year.
Microsoft stated, "Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers. We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers. We began observing this latest campaign in May 2021 and have been notifying impacted partners and customers while also developing new technical assistance and guidance for the reseller community. Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium. We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised."
Mandiant, which has been tracking software supply chain attacks of the kind Microsoft announced with such éclat at the beginning of the week, has offered advice on how organizations can remediate attacks and harden their systems against the threat.
Coup in Sudan, and the Internet and telecoms go dark.
NetBlocks confirms that Internet service has been disrupted in Sudan. A military coup has taken place, and fighting continues in many parts of the country. The US embassy in Khartoum has advised American citizens in Sudan to shelter in place.
NetBlocks explains, "Metrics corroborate user reports of network disruptions appearing consistent with an internet shutdown. The disruption is likely to limit the free flow of information online and news coverage of incidents on the ground. This class of internet disruption affects connectivity at the network layer and cannot always be worked around with the use of circumvention software or VPNs."