Microsoft has found that a threat actor called Nobelium with ties to Russia’s foreign intelligence service SVR is targeting cloud service resellers, technology service providers and their customers to secure privileged access and steal legitimate credentials using phishing, password spray and other common techniques.
Tom Burt, corporate vice president for customer security and trust at Microsoft, wrote in a blog post published Sunday that since May, the company has informed more than 140 service providers and resellers that have been targeted by the threat actor.
“We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised,” Burt wrote.
He noted that the company is working to implement several initiatives to protect tech service providers in the U.S. supply chain, including rolling out multifactor authentication to access Partner Center, unveiling a program to provide a free Azure Activity Directory Premium plan for two years and piloting improved monitoring to encourage customers and partners to manage their delegated privileged accounts.
Burt said the company is also issuing technical guidance to help organizations protect their infrastructure from Nobelium’s latest activity.