Microsoft says investigation into suspected SolarWinds hackers discovered new breach – Times of India

San Francisco: Microsoft said on Friday that an attacker gained access to one of its customer-service agents and then used that information to launch hacking attempts against customers.
The company said it had found the compromise during its response to the hacks by a team it identifies as responsible for the major earlier breaches involving Orion and Microsoft.
Microsoft said it has warned affected customers. A copy of a warning seen by Reuters said the attacker belonged to a group Microsoft calls Nobelium and had access during the second half of May.
“A sophisticated nation-state affiliated actor that Microsoft identifies as Nobelium has accessed Microsoft customer support tools to review information about your Microsoft Services subscription,” the warning reads in part.
The US government has publicly blamed the earlier attacks on the Russian government, which denies involvement.
When asked by Reuters about that warning, Microsoft publicly announced the breach.
After commenting on a widespread phishing campaign that it said had compromised a small number of entities, Microsoft said it also found the breach of its own agent, who had limited rights.
The agent can see, among other things, billing contact information and what services the customer pays for.
“The actor used this information in some cases to launch highly targeted attacks as part of his broader campaign,” Microsoft said.
Microsoft warned affected customers to be careful about communication with their billing contacts and to consider changing those usernames and email addresses, as well as preventing old usernames from logging in.
Microsoft said it was aware of three entities that were compromised in a phishing campaign. It did not immediately clarify whether any of them were among those whose data was seen through the support agent, or whether the agent had been tricked by a wider campaign.
Microsoft did not specify whether the agent was a contractor or direct employee.
A spokesperson said the latest breach by the threat actor was not part of Nobelium’s previous successful attack on Microsoft, in which it obtained some source code.
In the SolarWinds attack, the group changed that company’s code to reach customers of SolarWinds, which included nine US federal agencies.
At SolarWinds customers and others, the attackers also took advantage of vulnerabilities in the way Microsoft programs were configured, according to the Department of Homeland Security.
Microsoft later said the group had compromised its own employee accounts and had taken software instructions controlling how Microsoft verifies user identities.
DHS’ Cybersecurity and Infrastructure Security Agency did not respond to a request for comment.
