Russia-based threat actor behind supply chain attack on SolarWinds is targeting cloud service providers and IT services organizations in a large-scale and ongoing campaign designed to infiltrate systems belonging to downstream customers of these companies. Victims have included enterprise organizations, technology vendors, government entities, and think tanks, Microsoft says. The attacks on service providers and resulting compromises are not the result of product security vulnerabilities, the company says. Microsoft has recommended steps that organizations take to reduce exposure to attacks like Nobelium’s.”]