SolarWinds’ Hackers are Back

PowerKee
4 min readOct 29, 2021

--

PowerKee’s Bastion of Privacy #47 — Russian intelligence-backed hacker consortium targets American companies

In a damning post on its blog on Sunday, October 24th, 2021, Microsoft reported that the Russian government backed hacker consortium Nobelium had launched another series of attacks on American businesses. According to Microsoft, Nobelium has been responsible for attacks against up to 140 IT companies in the US, with 14 of those attempts being successful. The group gained notoriety after hacking the firm SolarWinds in 2020.

In the latest Bastion of Privacy, we examine Microsoft’s report and detail the kinds of cyber attacks carried out by Nobelium. We also examine some of the root flaws that give rise to such repeated security concerns.

Development Update

The Masternode Testing in a static node environment is still going on. We do auto testing the masternode functionality and run different ping tests. Once completed we do transfer and upgrade the masternode activation test. Once switched into an organic node environment, debugging and testing the mechanism for calculating the reward in the masternode starts. We do run on full venture capacity. Please submit your native KEE token wallet here.

Nation state hackers execute coordinated network attacks

According to the Microsoft Threat Intelligence Center (MSTIC), the latest series of attacks are a continuation of the SolarWinds incident. The primary targets are employees of IT and cloud infrastructure management companies, with the hackers looking to backdoor their way into downstream customer systems. Microsoft believes this is an attempt by the Russian intelligence agencies to surveil assets of strategic importance to their government.

In SolarWinds’ case, the hackers took advantage of routine updates that are sent to clients and moved malware onto client IT systems. This created a backdoor that was used to spy on the operations of these establishments and steal information. Companies affected by this attack include Microsoft, Cisco, Intel, and Deloitte. Also, government establishments were affected, including the Pentagon, the Department of Homeland Security, the State Department, and the Department of Energy, among others.

Microsoft also highlighted that the latest attacks have increased in intensity. Between July 1st and October 19th this year, the company revealed that it had notified 609 customers of 22,868 attacks by Nobelium. Despite low success rates, the number of attacks are significantly higher than in previous periods.

Hackers look to exploit different flaws

While Nobeilum’s primary targets remain the employees of IT and cloud infrastructure management companies, the hackers are now using spear-phishing campaigns and password-spraying operations to attack their victims. Corporate Vice President for Customer Security & Trust at Microsoft, Tom Burt believes that Nobelium’s strategy is to ride upon the direct access that these resellers may have to their customers’ IT systems to reach their main targets, the downstream customers.

According to Burt, Microsoft has learned enough about this attack to provide “actionable information” that customers can use to protect themselves. He also outlined some of the proactive steps Microsoft had been taking to ensure vulnerabilities were fixed before they could be epxloited. In September 2020, the company updated its reseller contracts to expand Microsoft’s rights to enforce security protections by restricting partner portal access.

Microsoft also emphasizes multi-factor authentication when accessing cloud portals and underlying services. Despite these assurances, the fact that multiple nation states other than Russia continue to attack businesses are alarming. Seemingly every security solution has a flaw that is vulnerable to exploitation. Users caught in the crossfire are usually left with no recourse.

Security centralization a possible issue

This pattern is not uncommon with mainstream cybersecurity systems. A vulnerability is detected, the service provider releases a detailed report, and announces fixes. Some time later, news breaks that hackers have changed their attack vectors, much like this case with Nobelium. While increasing cybersecurity sophistication is one solution, perhaps an easier route to take would be to decentralize security functions on the blockchain.

This architecture ensures complete privacy and removes any incentive hackers might have to compromise the network. For instance, users transferring value on networks like PowerKee can rest assured that their money and assets will always be safe due to anonymity enforced from the beginning. Users can thus execute international transfers and other forms of value exchange securely, without the need for complex cybersecurity measures.

About PowerKee

PowerKee is a cryptocurrency network that makes privacy easy. Users can transact cheaply and instantly while maintaining anonymity. The PowerKee protocol uses a mixture of zero-knowledge proofs and coin mixing that provides strong privacy to its users.

--

--

PowerKee

PowerKee is a decentralized cryptocurrency network that prioritizes privacy secured by proof-of-stake. Your Privacy. Your Rights. Your Assets.