Thousands of cyberattacks allegedly carried out by the SolarWinds threat actor were directed at IT service providers, according to Microsoft.
Microsoft is currently facing a cyber espionage campaign by the Russian nation-state threat actor known as Nobelium (APT29). This latest attack, part of a larger wave of Nobelium activities this summer, is indicative of ongoing efforts by nation-state actors to gather intelligence and compromise corporate networks.
The hacking campaigns by Nobelium began in May 2021, with the SolarWinds hack demonstrating that supply chain attacks are changing and attackers are widening their scope of potential victims. The SolarWinds campaign, which was not "espionage as usual" according to Microsoft President Brad Smith in December 2021, highlighted the need for increased cybersecurity measures.
In the current campaign, Microsoft believes Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers' IT systems. The main targets of Nobelium in this latest campaign are visitors to compromised websites, who are tricked into connecting their Microsoft accounts with attackers' devices as part of a broader attack aimed at stealing account credentials.
Microsoft has identified at least 14 breaches so far, but details about the severity of these breaches were not provided. The company has alerted 609 organizations that were targeted 22,868 times between July 1 and Oct. 19, 2021.
The attacks are believed to be aimed at data that resellers possess, which could grant attackers access to government emails, defense technologies, or vaccine research. This underscores the potential seriousness of the breaches, despite a U.S. official describing the campaign as particularly "unsophisticated."
Cyber espionage exists in an international law gray area, as it is technically legal. However, if any breach is successful at Microsoft or other cloud providers, the companies would be the responsible parties. The government has limited ability to protect private industry networks, with the exception of effective information sharing.
This latest campaign against Microsoft is not the first time Nobelium has targeted the company. Following the initial SolarWinds hack, Nobelium pursued Microsoft as one of its secondary targets. In 2015, Obama and China agreed to restrict "economic" cyber espionage, but it remains to be seen whether such agreements will prevent similar attacks in the future.
Microsoft has announced that it has taken steps to protect its customers, including providing guidance on how to detect and respond to Nobelium's tactics. The company encourages all organizations to review their security measures and stay vigilant against potential cyber threats.