A hacking group believed to be responsible for the SolarWinds breaches used access to Microsoft’s support tools via a compromised customer service agent’s computer, a breach that enabled the hackers to perform further hacks against Microsoft’s customers.
Disclosed on Friday via a blog post, Microsoft confirmed its investigation into the Nobelium hacking group found “information-stealing malware” on a computer used by a customer support agent. As the computer had access to “basic account information for a small number” of customers, Microsoft believes the data was used to launch “highly-targeted attacks.”
Microsoft claimed to have “responded quickly” to the breach, removing access and securing the device. Support agents are also allegedly configured with the “minimal set of permissions required” as part of Microsoft’s Zero Trust “leased privileged access” approach regarding customer information.
All impacted customers are being notified by the company, with additional support being offered to keep accounts secure.
While Microsoft didn’t advise of how long access to customer data was available to the group, Reuters reports warnings to customers mentioned the group had access during the second half of May. It also advised to the report that the agent had access to billing contact information and the services the customers paid for, among other items.
Microsoft was also apparently aware of three entities that had been compromised in a phishing campaign, but didn’t clarify if data gleaned from the malware was used in the group’s attempts.
Nobelium is believed to be a group that allegedly hacked SolarWinds in December 2019, including waiting in the network company’s systems for nine months before acting.
This is not the only major breach that involved Microsoft in 2021. In March, it was disclosed that the Chinese hacking group “Hafnium” was attacking servers around the world using Microsoft Exchange Server. The attacks, which are believed to have affected over 30,000 organizations, prompted Microsoft to release a set of patches affecting Exchange Server versions dating as far back as 2013.
Keep up with everything Apple in the weekly AppleInsider Podcast — and get a fast news update from AppleInsider Daily. Just say, “Hey, Siri,” to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.
If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple’s Podcasts app, or via Patreon if you prefer any other podcast player.