{"id":43596,"date":"2021-10-25T21:50:00","date_gmt":"2021-10-25T21:50:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat"},"modified":"2021-10-25T21:50:00","modified_gmt":"2021-10-25T21:50:00","slug":"solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/","title":{"rendered":"SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte88b5f4ca088f27f\/617720257b858563c8bc481f\/solarwinds.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Nobelium, the Russia-based threat actor behind the supply chain attack on SolarWinds, is targeting cloud service providers and IT services organizations in a large-scale and ongoing campaign designed to infiltrate systems belonging to downstream customers of these companies.<\/p>\n<p>Since May, Nobelium&nbsp;has attacked at least 140 cloud service providers and compromised 14 of them, according to Microsoft, which has been tracking the campaign. <\/p>\n<p>Once on a service provider&#8217;s network, Nobelium has been targeting the privileged accounts that providers use to access and manage networks belonging to their downstream customers. It has used several&nbsp;tactics, including&nbsp;password spraying, phishing, token theft, and API abuse, to steal legitimate credentials for these accounts. The attackers have then used the privileged accounts to gain a foothold on systems belonging to targeted downstream customers of the service provider. Victims have included enterprise organizations, technology vendors, government entities, and think tanks, Microsoft said. Most of the organizations that have been targeted are based in the United States or countries across Europe.<\/p>\n<p>\nThe attacks on service providers\u2014and resulting compromises\u2014are not the result of product security vulnerabilities. Rather, they are the result of Nobelium actors taking advantage of any direct access that Internet and cloud service providers have to their customer systems, said Tom Burt, corporate vice president of customer security and trust at Microsoft, in a blog posted&nbsp;Sunday.&nbsp;<\/p>\n<p> &#8220;We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers\u2019 IT systems and more easily impersonate an organization\u2019s trusted technology partner to gain access to their downstream customers,&#8221; <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2021\/10\/24\/new-activity-from-russian-actor-nobelium\/\" target=\"_blank\" rel=\"noopener\">Burt wrote<\/a>.<\/p>\n<p>This latest Nobelium campaign is an example of attackers&#8217; growing focus on targets that provide them with means&nbsp;to compromise multiple organizations at the same time without having to break into each one separately. Examples of such targets include cloud service providers, managed service providers, software vendors, and other trusted entities in the technology supply chain, many of which have privileged access rights on networks belonging to their customers. <\/p>\n<p>In the <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/solarwinds-ceo-attack-began-much-earlier-than-previously-thought\/d\/d-id\/1341072\" target=\"_blank\" rel=\"noopener\">SolarWinds campaign<\/a>, Nobelium broke into the company&#8217;s software build environment and used its access to quietly embed malicious code into legitimate updates of SolarWinds&#8217; Orion network management product. That single intrusion gave the attacker a way to distribute malware to thousands of organizations, though it was interested in stealing data from only a small subset of its victims.&nbsp;<\/p>\n<p>&#8220;This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,&#8221; Burt said. <\/p>\n<p>In July, threat group REvil used a similar tactic by&nbsp;targeting a <a href=\"https:\/\/www.darkreading.com\/vulnerabilities---threats\/attacks-on-kaseya-servers-led-to-ransomware-in-less-than-2-hours\/d\/d-id\/1341496\" target=\"_blank\" rel=\"noopener\">Kaseya server technology<\/a>\u2014which&nbsp;many managed service providers use\u2014to distribute ransomware to thousands of their downstream customers.<\/p>\n<p>For enterprise organizations, the main takeaway from such attacks is that supply chain threats extend well beyond just software vendors, says Jake Williams, cofounder and CTO at BreachQuest. IT service providers often have relatively poor security themselves while simultaneously having access to numerous customer networks, he adds.&nbsp;<\/p>\n<p>&#8220;Every penetration security professional has horror stories about security at IT service providers,&#8221; Williams says. &#8220;In one example, if I know the organization is serviced by a particular provider and the year the contract began, I know the domain admin password for the network.&#8221;<\/p>\n<p><strong>A Persistent Adversary <\/strong><\/p>\n<p>Nobelium is a threat actor that the US government and others have formally identified as being linked to Russia&#8217;s foreign intelligence service, SVR. One of its missions is to collect information and conduct surveillance on organizations and entities thought to be of interest to the Russian government. Microsoft and others believe the group is trying to gain and maintain persistent access to a variety of entry points on the technology supply chain as part of this mission. Burt said that between July 1 and mid-October of 2021,&nbsp;Microsoft security researchers observed some 22,868 Nobelium attacks on organizations in the US and elsewhere. So far, Microsoft has informed 609 customers of being targets of these attacks, he said.<\/p>\n<p>Williams describes Nobelium as a truly persistent adversary. &#8220;Nobelium is one of the best in the threat actor ecosystem at remaining undetected after a remediation attempt,&#8221; Williams notes. &#8220;Often organizations fail to fully remediate incidents, leaving the threat actor access to the network after the remediation is considered complete,&#8221; he says.<\/p>\n<p>Microsoft has recommended steps that organizations can take to reduce their exposure to attacks like Nobelium&#8217;s that try to take advantage of the delegated administrative privileges that third parties often have on customer networks. The recommendations are different for service providers and for enterprise customers of these providers. <\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/10\/25\/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks\/\" target=\"_blank\" rel=\"noopener\">The recommendations<\/a> for enterprise organizations include the need to review, audit, and limit third-party access privileges and delegated permissions on their network; the use of multifactor authentication and conditional access policies; and the need to audit and review logs and configurations. For service providers, Microsoft recommended they remove connections with delegated access privileges on customer networks, when not in use. The company also urged service providers to review and audit security controls around connections with customer networks and to conduct a thorough investigation to verify if they had been breached in the current Nobelium campaign.<\/p>\n<p>Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, says the recent activity demonstrates the significant risk to organizations when an APT group targets privileged accounts.&nbsp;<\/p>\n<p>&#8220;Trusted relationships between providers and user organizations are highly valuable and an essential part of modern security processes,&#8221; he says. &#8220;Compromising privileged accounts that have a high-level of access enables threat actors to move through the cyber kill chain with little chance of being detected.&#8221; Given that many of the organizations impacted by Nobelium&#8217;s activity are reportedly cloud and managed service providers, and considering the group&#8217;s established ability to move laterally on compromised networks, it is possible that the scope of Nobelium&#8217;s latest campaign could increase, he says.<\/p>\n<p>ImmuniWeb founder&nbsp;Ilia Kolochenko recommends organizations implement a third-party risk management (TPRM) program that goes beyond the usual one-size-fits-all questionnaire for assessing vendor risk. He suggests organizations focus on drafting an adequate, proportional, and threat-aware vendor assessment process as part of their TPRM process. &#8220;Reasonable contractual clauses, allocating the risks of data breaches and security incidents, can motivate vendors to maintain better security,&#8221; he says.&nbsp;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft says the group has attacked more than 140 service providers, and compromised 14 of them, between May and October of this year.Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-43596","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-10-25T21:50:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte88b5f4ca088f27f\/617720257b858563c8bc481f\/solarwinds.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat\",\"datePublished\":\"2021-10-25T21:50:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/\"},\"wordCount\":1071,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte88b5f4ca088f27f\\\/617720257b858563c8bc481f\\\/solarwinds.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/\",\"name\":\"SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte88b5f4ca088f27f\\\/617720257b858563c8bc481f\\\/solarwinds.jpg\",\"datePublished\":\"2021-10-25T21:50:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte88b5f4ca088f27f\\\/617720257b858563c8bc481f\\\/solarwinds.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blte88b5f4ca088f27f\\\/617720257b858563c8bc481f\\\/solarwinds.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/","og_locale":"en_US","og_type":"article","og_title":"SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-10-25T21:50:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte88b5f4ca088f27f\/617720257b858563c8bc481f\/solarwinds.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat","datePublished":"2021-10-25T21:50:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/"},"wordCount":1071,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte88b5f4ca088f27f\/617720257b858563c8bc481f\/solarwinds.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/","url":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/","name":"SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte88b5f4ca088f27f\/617720257b858563c8bc481f\/solarwinds.jpg","datePublished":"2021-10-25T21:50:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte88b5f4ca088f27f\/617720257b858563c8bc481f\/solarwinds.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blte88b5f4ca088f27f\/617720257b858563c8bc481f\/solarwinds.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attacker-targets-cloud-service-providers-in-new-supply-chain-threat\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"SolarWinds Attacker Targets Cloud Service Providers in New Supply Chain Threat"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43596","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=43596"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/43596\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=43596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=43596"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=43596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}