A hacking group believed to be responsible for the SolarWinds breaches used access to Microsoft’s support tools via a compromised customer service agent’s computer, a breach that enabled the hackers to perform further hacks against Microsoft’s customers.
Disclosed on Friday via a blog post, Microsoft confirmed its investigation into the Nobelium hacking group found “information-stealing malware” on a computer used by a customer support agent. As the computer had access to “basic account information for a small number” of customers, Microsoft believes the data was used to launch “highly-targeted attacks.”
Microsoft claimed to have “responded quickly” to the breach, removing access and securing the device. Support agents are also allegedly configured with the “minimal set of permissions required” as part of Microsoft’s Zero Trust “leased privileged access” approach regarding customer information.
All impacted customers are being notified by the company, with additional support being offered to keep accounts secure.
While Microsoft didn’t advise of how long access to customer data was available to the group, Reuters reports warnings to customers mentioned the group had access during the second half of May. It also advised to the report that the agent had access to billing contact information and the services the customers paid for, among other items.
Microsoft was also apparently aware of three entities that had been compromised in a phishing campaign, but didn’t clarify if data gleaned from the malware was used in the group’s attempts.
Nobelium is believed to be a group that allegedly hacked SolarWinds in December 2019, including waiting in the network company’s systems for nine months before acting.
This is not the only major breach that involved Microsoft in 2021. In March, it was disclosed that the Chinese hacking group ..
Support the originator by clicking the read the rest link below.
