Microsoft customer support agent compromised in attacks by SolarWinds’ hackers

The group behind the massive SolarWinds hacks recently launched another cyber attack campaign, and one of the victims was a Microsoft customer support agent. Microsoft announced in a blog post that it is tracking new activity by the group it has named Nobelium. “This recent activity has been largely unsuccessful,” the company said, and the group failed to infiltrate most of its targets. However, the attackers managed to compromise at least three entities, and Microsoft’s latest investigation also found information-stealing malware on the computer of one of its customer support agents.

At the moment, the technology giant is still investigating the attackers’ methods, but it has so far seen evidence of password spray and brute force attacks. (Password spraying tries a handful of common passwords against many accounts to stay under lockout thresholds, whereas a brute force attack hammers a single account with many guesses.) Its first report did not identify the three compromised entities, nor did it state whether the attackers obtained their information from the customer support agent’s computer. However, Microsoft admitted that the computer had access to basic account information for a small number of its customers, and that the attackers used this information to launch targeted attacks on those customers.
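The two attack patterns named above leave different footprints in sign-in logs: a spray shows one source failing against many distinct accounts with few attempts each, while brute force shows one source failing many times against one account. The script below is an added example, not code from Microsoft or Engadget, that classifies both over a constructed log sample; the log line format (`timestamp source_ip username FAIL|SUCCESS`), the ten-minute window and the thresholds are assumptions chosen for illustration, and a successful login from a source that was already spraying is surfaced as the account most worth reviewing.

```python
"""Classify password-spray and brute-force patterns in sign-in logs.

Added example, not Microsoft's or Engadget's code. The log format,
window and thresholds below are assumptions; the sample log is
constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: "<ISO timestamp> <source IP> <username> <FAIL|SUCCESS>"
SAMPLE_LOG = """\
2021-06-24T10:00:01Z 203.0.113.7 alice FAIL
2021-06-24T10:00:04Z 203.0.113.7 bob FAIL
2021-06-24T10:00:07Z 203.0.113.7 carol FAIL
2021-06-24T10:00:11Z 203.0.113.7 dave FAIL
2021-06-24T10:00:15Z 203.0.113.7 erin FAIL
2021-06-24T10:00:19Z 203.0.113.7 frank SUCCESS
2021-06-24T10:02:00Z 198.51.100.9 alice FAIL
2021-06-24T10:02:03Z 198.51.100.9 alice FAIL
2021-06-24T10:02:06Z 198.51.100.9 alice FAIL
2021-06-24T10:02:09Z 198.51.100.9 alice FAIL
2021-06-24T10:02:12Z 198.51.100.9 alice FAIL
2021-06-24T10:02:15Z 198.51.100.9 alice FAIL
2021-06-24T10:02:18Z 198.51.100.9 alice FAIL
2021-06-24T10:02:21Z 198.51.100.9 alice FAIL
2021-06-24T10:30:00Z 192.0.2.20 alice SUCCESS
2021-06-24T10:40:00Z 192.0.2.21 bob FAIL
2021-06-24T10:40:20Z 192.0.2.21 bob FAIL
2021-06-24T10:40:45Z 192.0.2.21 bob SUCCESS
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(FAIL|SUCCESS)$")


def parse_log(text):
    """Parse log lines into (timestamp, ip, user, result) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    events.sort(key=lambda e: e[0])
    return events


def detect(events, window=timedelta(minutes=10), spray_users=5, brute_attempts=8):
    """Return findings per source IP that shows spray or brute-force behaviour.

    Spray: >= spray_users distinct accounts failed from one IP inside `window`.
    Brute force: >= brute_attempts failures against one account inside `window`.
    Any SUCCESS from a flagged IP is reported as a login worth reviewing.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        spray, brute = False, set()
        counts, start = Counter(), 0
        # Sliding window over this IP's failures, oldest to newest.
        for ts, _, user, _ in fails:
            counts[user] += 1
            while ts - fails[start][0] > window:  # drop failures that fell out of the window
                old_user = fails[start][2]
                counts[old_user] -= 1
                if counts[old_user] == 0:
                    del counts[old_user]
                start += 1
            if len(counts) >= spray_users:
                spray = True
            brute.update(u for u, c in counts.items() if c >= brute_attempts)
        if spray or brute:
            findings[ip] = {
                "password_spray": spray,
                "brute_force": sorted(brute),
                "successful_logins": sorted({e[2] for e in evs if e[3] == "SUCCESS"}),
            }
    return findings


def analyze(text=SAMPLE_LOG):
    return detect(parse_log(text))


if __name__ == "__main__":
    for ip, f in analyze().items():
        print(ip, f)
```

Run against the constructed sample, 203.0.113.7 is flagged as a spray with a successful login for `frank` (the account to reset first), 198.51.100.9 is flagged as brute force against `alice`, and the two benign sources are not reported. In production the thresholds should be tuned against the tenant's normal failure rate, and the source key should be widened to ASNs or client fingerprints, since spraying is routinely rotated across many IPs.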

The company said it responded quickly and removed the group’s access to the customer support agent’s device. It has also alerted the compromised entities and all other targets through its nation-state notification process. US officials believe Russia was behind the SolarWinds hacks and have previously linked Nobelium to the country’s foreign intelligence service, the SVR.

Just last month, Microsoft disclosed that the same group had run an elaborate email-based spear phishing campaign against government agencies, think tanks, and non-governmental organizations, sending malicious emails to its targets after compromising the account that the United States Agency for International Development (USAID) used with a bulk email service. The new campaign focused mainly on IT companies, with government organizations and NGOs making up a smaller share of the targets. As in its previous activity, Nobelium mostly went after US-based organizations in this latest wave; about 10 percent of the targets are based in the UK, with smaller numbers in Germany and Canada.
