In case the memory of the SolarWinds cyberattack that almost broke the internet with headlines and tweets earlier this year momentarily slipped your mind, Microsoft warned officially Sunday that there’s more on the way. October, Cybersecurity Awareness Month is also a time for chills and scares, some very real ones for the technology community and business sector at large.

A hacker group associated with Russia’s intelligence agency is engaged in a major ongoing campaign to seize access to thousands of government and private computer networks. Microsoft first posted the warning Sunday, signaling that these Moscow-backed cyberattacks on the U.S. have continued with the current administration’s sanctions seemingly having no lasting or even noticeable impact.

This blog explores the major takeaways from Microsoft, and what you need to know to protect your network and your business.

According to Microsoft, NOBELIUM—the hacking group behind the SolarWinds attack—is now actively targeting various cloud service providers and other IT services organizations based in the United States and throughout Europe—a campaign that started in May of 2021. Microsoft has notified victims to date of what it details as “nation-state” activities and is actively working with them to expand its investigation on these attacks.

Tom Burt, Microsoft vice president of customer security explained via the New York Times that NOBELIUM’s current campaign is “very large, and it is ongoing.” According to the Times, high-ranking government officials confirmed the operation is aimed at breeching access to cloud-stored data and seems to be backed by Russia’s foreign intelligence agency SVR.

The victims are gradually ticking to a staggering total, currently at 22,868 total identified attacks by NOBELIUM—that’s between just July 1st and October 19th 2021. In a separate blog post from Microsoft, Burt shares that 609 organizations have been impacted by these attacks in total. How does that stack up against the cybersecurity status quo?

By comparison, Microsoft stated it’s only detected 20,500 targeted attacks from “all nation-state actors” over the entirety of the last three years. Microsoft noted that only a small percentage of the latest attempts succeeded but didn’t get into the hard details on how.

On the heels of this news, Microsoft has made it very clear that these attacks have been ruthlessly focused on its “resellers,” CSP firms that customize the use of the cloud, (specifically Azure and M365) for SMBs, the business enterprise, and educational and governmental institutions. The Russian hackers surmised that by targeting and infiltrating CSPs they could gain high-level access to all the data they wanted—from private company financials to vaccine research to private government email.

Is your MSP or CSP protected?

Ensuring that you’re partnering with a managed services provider or cloud service provider that invests in edge security solutions while following the best practices it preaches is imperative. In addition, this news is a great reminder to add user caution and awareness, educating your workforce on the ongoing hacker campaign and how they can protect themselves along with your connected workforce.

A recent MicroAge survey found that 52% of IT leaders lack support in the area of cybersecurity. And that’s a problem with security becoming priority one for IT leaders who are dealing with the challenges of having a workforce that is sometimes haphazardly connected—dotting across corporate headquarters, home offices, and sometimes continents in the process.

Leveraging a managed services provider fluent in the latest cybersecurity solutions and ready to position your organization for resilience on the cloud is mission-critical to any organization that wants to stay in business. It’s that simple.