SolarWinds Hackers Steal Microsoft Customer Data

Microsoft said a system belonging to one of its customer-support agents has been compromised by the attackers behind the SolarWinds hack, exposing “basic account information” for some customers.

The information was then used in highly targeted phishing attacks on Microsoft customers. Microsoft didn’t say whether those attacks had been successful.

“The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign,” Microsoft said.

“Our support agents are configured with the minimal set of permissions required as part of our Zero Trust ‘least privileged access’ approach to customer information,” the company added.

Customer data

“We are notifying all impacted customers and are supporting them to ensure their accounts remain secure.”

The data of a “small number” of customers was affected by the hack, which Microsoft said was carried out by an attack group variously known as Nobelium, APT29 or Cozy Bear.

The group was behind the hack of SolarWinds that allowed it to access the systems of nine US federal agencies, along with numerous private enterprises.

The US government has publicly stated that Russia was behind the SolarWinds hack, something Russia denies.

Microsoft said that after finding information-stealing malware on a machine belonging to one of its customer-support agents, it removed the malware’s access and secured the device.

It didn’t specify whether the agent worked for a contractor or was a direct employee.

Phishing risk

Microsoft warned the customers affected, indicating that the malware had accessed data in the second half of May.

“A sophisticated Nation-State associated actor that Microsoft identifies as NOBELIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions,” the warning reads in part, according to Reuters.

The customer-service agent could see billing contact information and what services customers pay for, amongst other data, Microsoft said.

It warned affected customers to be careful about communications with their billing contacts and to consider changing billing-related usernames and email addresses, as well as barring older usernames from logging in.

Microsoft told Reuters the latest attack was not related to Nobelium’s SolarWinds hack, in which the group succeeded in accessing Microsoft source code.

Data theft

The company said it detected the hack of the customer-service system while investigating a broader hacking campaign carried out by Nobelium, involving password spray and brute-force attacks.

It said it was aware of three entities that had been compromised by the broader campaign.

“All customers that were compromised or targeted are being contacted through our nation-state notification process,” Microsoft said in a statement.

The latest Nobelium campaign primarily targeted IT companies, at 57 percent, followed by government, at 20 percent, as well as non-governmental organisations, think tanks and financial services.

US interests accounted for 45 percent of the attacks, followed by 10 percent for the UK and smaller numbers for Germany and Canada, out of a total of 36 countries targeted.

Matthew Broersma

Matt Broersma is a long-standing tech freelance, who has worked for Ziff-Davis, ZDNet and other leading publications.
