The nation-state hackers who orchestrated the SolarWinds supply chain attack compromised a Microsoft employee’s computer and used the access to launch targeted attacks against the company’s customers, Microsoft said in a brief statement published late on a Friday afternoon.
The hacker group also compromised three entities using password-spraying and brute-force attacks, which gain unauthorized access to accounts by bombarding login servers with large numbers of login attempts. With the exception of the three undisclosed entities, Microsoft said the password-guessing campaign was “largely unsuccessful.” Microsoft has since notified all targets, whether or not the attacks against them succeeded.
The findings come from Microsoft’s ongoing investigation into Nobelium, Microsoft’s name for the sophisticated group of hackers who used updates to SolarWinds software, among other means, to compromise networks owned by nine U.S. agencies and 100 private companies. The federal government has said that Nobelium is part of the Russian government’s Federal Security Service.
“As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers,” Microsoft said in a post. “The actor used this information in some cases to launch highly targeted attacks as part of its wider campaign.”
According to Reuters, Microsoft published the disclosure of the breach after one of the news outlet’s journalists asked the company about the notification it had sent to targeted or hacked customers. Microsoft did not mention the infection of the support agent’s computer until the fourth paragraph of the five-paragraph post.
The infected agent, Reuters said, could access billing contact information and the services customers paid for, among other things. “Microsoft has warned affected customers to be careful about communications to their billing contacts and to consider changing those usernames and email addresses, as well as barring old usernames from logging in,” the news service said.
The SolarWinds supply chain attack came to light in December. After hacking the Austin, Texas, company and taking control of its software build system, Nobelium pushed malicious updates to approximately 18,000 SolarWinds customers.
“The latest cyberattack reported by Microsoft does not involve our company or our customers in any way,” a SolarWinds representative said in an email.
The SolarWinds supply chain attack was not the only way Nobelium compromised its targets. Anti-malware provider Malwarebytes has said that it was also infected by Nobelium, but through a different vector, which the company has not identified.
Both Microsoft and email management provider Mimecast have also said that they were hacked by Nobelium, which then used those compromises to hack the companies’ customers or partners.
Microsoft said the password-spraying activity targeted specific customers: 57 percent were IT companies, 20 percent government organizations, and the rest non-governmental organizations, think tanks, and financial services firms. About 45 percent of the activity was focused on US interests, 10 percent was aimed at UK customers, and a smaller number of targets were in Germany and Canada. In all, customers in 36 countries were targeted.
Reuters, citing a Microsoft spokesman, said the breach reported Friday was not part of Nobelium’s earlier successful attack on Microsoft. The company also did not provide key details, including how long the agent’s computer was compromised and whether the compromise hit a Microsoft-managed machine on a Microsoft network or a company device on a home network.
Friday’s disclosure was a shock to many security analysts.
“I mean, Jesus, if Microsoft can’t keep its own kit away from viruses, how is the rest of the corporate world supposed to be?” Kenn White, an independent security researcher, told me. “You would think that customer-oriented systems would be some of the hardest around.”
This story originally appeared on Ars Technica.