Microsoft claimed an attacker gained access to one of its customer service representatives on Friday and then used the information obtained to launch hacking attempts against consumers. The company said it discovered the vulnerability while responding to intrusions by a group it blames for previous major breaches at SolarWinds and Microsoft.
Microsoft stated that the impacted consumers had been notified. According to a copy of one warning, the attacker belonged to the Microsoft-designated Nobelium group and had access in the second part of May.
“A sophisticated Nation-State associated actor that Microsoft identifies as Nobelium accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions,” the warning reads in part. The US administration has openly blamed the Russian government for the prior attacks; the Russian government denies involvement.
When asked about it, Microsoft responded by publicly announcing the breach.
Among other things, the representative may view invoicing contact information and the services that clients pay for.
“The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign,” Microsoft said. Microsoft advised impacted consumers to be cautious when communicating with their billing contacts, and to consider changing their usernames and email addresses and preventing users from signing in with outdated identities.
Microsoft said that three businesses had been hacked as a result of the phishing effort.
It was unclear whether any of the individuals whose data was accessed through the support agent were among those targeted by the larger effort, or whether the agent had been duped by it. The agent was either a contractor or a direct employee, according to Microsoft.
In the SolarWinds incident, the gang changed code at the firm to get access to SolarWinds clients, which included nine federal agencies in the United States.
According to the Department of Homeland Security, the attackers exploited flaws in the way Microsoft applications were set up and targeted SolarWinds customers and others. Microsoft eventually revealed that the gang had hacked into its own staff accounts and obtained software instructions that regulate how the company validates user identities.