Microsoft update on nation-state actor issued

Oct 26, 2021 - 01:52 PM
Cybersecurity Lock on Gold Wall

Microsoft on Sunday posted an update on the latest activity by Nobelium, a Russian nation-state actor behind cyberattacks on SolarWinds customers in 2020.

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling — now or in the future — targets of interest to the Russian government,” the blog post states. 

John Riggi, AHA senior advisor for cybersecurity and risk, said, “The Nobelium threat group, which according to the U.S. government was responsible for the broad supply chain attack leveraging the SolarWinds platform, is now attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers. This threat highlights the need for hospitals and health systems to have robust third-party risk management programs that carefully evaluate the cyber risk their organizations could be exposed to through their technology supply chains and services, should those supply chains and services be compromised. These risks are potentially strategic in nature and have national security, business and care delivery implications that go far beyond the protection and privacy of protected health information.”

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org

Related News Articles

Headline
CISA issues update on voluntary cybersecurity performance goals 
The Cybersecurity and Infrastructure Security Agency Dec. 11 released an update to its voluntary Cybersecurity Performance Goals, which includes measurable…
Headline
Agencies warn of state-sponsored cyberattacks from Russia, China
U.S. and international agencies are warning of potential cyberattacks on health care and other critical infrastructure from state-sponsored cyber actors in…
Headline
CISA alerts of critical vulnerability impacting free program used for building user interfaces 
A critical, unauthenticated remote code execution vulnerability known as React2Shell has been added to the Cybersecurity and Infrastructure Security Agency’s…
Headline
Resources available to help detect malicious AI schemes
The FBI has public resources available to help prevent exploitation by cybercriminals, who use artificial intelligence for deception. An infographic by the FBI…
Headline
NIST says critical vulnerability found in 7-Zip archiving software
A critical vulnerability has been identified in 7-Zip, a free software program used for archiving data, according to the National Institute of Standards and…
Headline
Agencies release guide to protect against bulletproof hosting provider cybercrimes 
U.S. and international agencies Nov. 19 released a guide on mitigating potential cybercrimes from bulletproof hosting providers. A BPH provider is an internet…