Microsoft said on Friday that an attacker gained access to one of its customer service representatives and then used information from it to launch hacking attempts against customers.
The company said it found the compromise during its response to hacks by a team it identified as responsible for previous major security breaches at SolarWinds and Microsoft.
Microsoft said it had warned affected customers. A copy of a warning seen by Reuters states that the attacker belonged to the group Microsoft calls Nobelium and that he had access in the latter part of May.
“A sophisticated actor associated with a national state that Microsoft identifies as Nobelium has accessed Microsoft customer support tools to verify information about your Microsoft Services subscriptions,” the warning reads in part. The US government has publicly attributed the previous attacks to the Russian government, which denies involvement.
When Reuters asked about this warning, Microsoft publicly announced the violation.
After commenting on a broader phishing campaign alleged to have compromised a small number of companies, Microsoft said it had also found breach of its own agent, who allegedly had limited powers.
Among other things, the agent could see billing contact information and what services customers are paying for.
“The actor used this information in some cases to launch targeted attacks as part of his larger campaign,” Microsoft said.
WARNING TO AFFECTED PARTIES
Microsoft warned affected customers to be careful when communicating with their billing contacts and consider changing these usernames and email addresses, as well as blocking old usernames from logging in.
Microsoft said it was aware of three entities that were compromised in the phishing campaign.
It was not immediately clarified whether it was among those whose data was viewed by the support agent or whether the agent had been tricked by the broader campaign.
Microsoft didn’t say whether the agent was a contractor or a direct employee.
A spokesman said the threat actor’s latest attack was not part of Nobelium’s previous successful attack on Microsoft that had leaked source code.
In the SolarWinds attack, the group changed that company’s code to access SolarWinds customers, including nine US federal agencies.
WHAT IS THE SOLARWINDS HACK?
According to the Department of Homeland Security, the attackers also exploited weaknesses in the configuration of Microsoft programs among SolarWinds customers and others.
Microsoft later said the group compromised its own employee accounts and followed software instructions that govern how Microsoft verifies user identity.
The DHS Cybersecurity and Infrastructure Security Agency did not respond to a request for comment.
إرسال تعليق