Microsoft has announced the activation of the Nobelium cyber group, which attacked the American software developer SolarWinds more than a year ago and gained access to US government data.
Microsoft has reported that a hacker group allegedly linked to Russian intelligence has significantly intensified its activities in recent months. From the beginning of July to mid-October, the hacker group carried out 22.9 thousand cyber attacks on 609 companies.
However, Russian experts do not agree at all with Microsoft representatives. So, Alexey Lukatsky, Cisco information security consultant, said that no one has shown evidence that hackers from Russia are behind the Nobelium hacker group.
According to him, if an attack is carried out from Russian IP addresses and code fragments have previously been attributed to Russian hackers (often also without evidence), experts conclude that Russians are behind the attack.
“It is now fashionable to accuse Russia of cyber attacks, as some countries allocate large budgets to increase the level of protection against cyber attacks and some companies believe that it is easy to get them to fight a known enemy,” said Lukatsky.
Anastasia Tikhonova, head of the Threat Intelligence Group-IB complex threat research group, also believes that there is no clear evidence that Russian hackers are behind the activities of the Dark Halo (Nobelium) group.
“No tactics, techniques and procedures that could prove intersections between the actions of Dark Halo (Nobelium) and another well-known group of attackers were presented, except perhaps a comparison of the Sunburst backdoor used by Dark Halo (Nobelium) with the Kazuar RAT, which is used by hackers of the Turla group,” added she.
Sergey Nenakhov, Head of the Information Security Audit Department at Infosecurity, agrees with Tikhonova and Lukatsky. According to him, in order to draw conclusions about the involvement of a particular group of hackers in the attack, companies must have access to a large amount of telemetry data that can be collected by a very limited number of them. Microsoft, as a major player, can afford such an investigation, but it is unclear how independent this company is from political interference, Nenakhov said.
