The nation-state hackers that Microsoft says masterminded the SolarWinds supply chain attack hacked a Microsoft worker’s computer and used the access to launch targeted attacks against the company’s customers, Microsoft said in a brief statement posted late Friday afternoon.
The hacking group also hacked three entities using password-spray and brute-force techniques, which gain unauthorized access to accounts by bombarding login servers with large numbers of login guesses. Apart from the three entities, which were not disclosed, Microsoft said the password-spraying campaign was “mostly unsuccessful.” Microsoft has since notified all targets, whether the attacks were successful or not.
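The password-spray and brute-force activity described above leaves distinct footprints in authentication logs: a spray source touches many accounts with few guesses each, while brute force hammers one account. The detector below is an added example written for this article, not Microsoft's or Reuters' code; the log format and sample lines are constructed, and the thresholds are assumptions to tune per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not from the article): "<ISO ts> <OK|FAIL> user=<account> src=<ip>"
SAMPLE_LOG = """\
2021-06-25T14:00:01 FAIL user=alice src=203.0.113.7
2021-06-25T14:00:02 FAIL user=bob src=203.0.113.7
2021-06-25T14:00:03 FAIL user=carol src=203.0.113.7
2021-06-25T14:00:04 FAIL user=dave src=203.0.113.7
2021-06-25T14:00:06 OK user=erin src=203.0.113.7
2021-06-25T14:00:10 FAIL user=alice src=198.51.100.9
2021-06-25T14:00:11 FAIL user=alice src=198.51.100.9
2021-06-25T14:00:12 FAIL user=alice src=198.51.100.9
2021-06-25T14:00:13 FAIL user=alice src=198.51.100.9
2021-06-25T14:05:00 FAIL user=grace src=192.0.2.5
2021-06-25T14:05:30 OK user=grace src=192.0.2.5
"""

def parse(line):
    """Split one log line into (timestamp, result, account, source ip)."""
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user.split("=", 1)[1], src.split("=", 1)[1]

def classify_sources(log_text, window=timedelta(minutes=5), min_failures=4, spray_ratio=0.8):
    """Return {src_ip: (verdict, success_after)} where verdict is 'spray'
    (few guesses each against many accounts), 'brute_force' (many guesses
    against one account) or 'benign', and success_after flags a later OK."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        ts, result, user, src = parse(line)
        by_src[src].append((ts, result, user))
    verdicts = {}
    for src, events in by_src.items():
        recent = deque()  # failures (ts, account) inside the sliding window
        verdict, success_after = "benign", False
        for ts, result, user in sorted(events):
            if result == "OK":
                success_after = success_after or verdict != "benign"
                continue
            recent.append((ts, user))
            while ts - recent[0][0] > window:  # drop failures older than the window
                recent.popleft()
            if len(recent) >= min_failures:
                distinct = len({u for _, u in recent})
                if distinct / len(recent) >= spray_ratio:
                    verdict = "spray"
                elif distinct == 1:
                    verdict = "brute_force"
        verdicts[src] = (verdict, success_after)
    return verdicts
```

A source flagged as spray that is followed by a successful login (the first sample source) is the case worth paging on, since it mirrors the "mostly unsuccessful" campaign with a few successes that Microsoft describes.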
The discoveries came in Microsoft’s ongoing investigation into Nobelium, Microsoft’s name for a sophisticated hacking group that used SolarWinds software updates and other means to compromise the networks of nine US agencies and 100 private companies. The federal government has said that Nobelium is part of the Russian government’s Federal Security Service.
“As part of our investigation into this ongoing activity, we also discovered information-stealing malware on a device belonging to one of our customer support agents with access to basic account information for a small number of our customers,” Microsoft said in a post. “The perpetrator used this information in some cases to conduct highly targeted attacks as part of its broader campaign.”
According to Reuters, Microsoft published the disclosure of the breach after a reporter for the news outlet asked the company about a notification it had sent to customers who had been targeted or hacked. Microsoft did not reveal that the worker’s computer was infected until the fourth paragraph of the five-paragraph blog post.
Reuters said the infected agent had access to contact information for billing and services customers paid for, among other things. “Microsoft has warned affected customers to be vigilant about communications with their billing contacts and to consider changing these usernames and email addresses, as well as preventing old usernames from logging in,” the news service reported.
The supply chain attack on SolarWinds came to light in December. After hacking the Austin, Texas-based company and taking control of its software build system, Nobelium pushed malicious updates to approximately 18,000 SolarWinds customers.
“The most recent cyber attack reported by Microsoft does not involve our company or our customers in any way,” a SolarWinds representative said in an email.
The SolarWinds supply chain attack wasn’t the only way Nobelium hurt its targets. Anti-malware provider Malwarebytes said that it was also infected by Nobelium, but through a different vector that the company did not specify.
Microsoft and email management provider Mimecast also said they were hacked by Nobelium, which then used those compromises to hack corporate customers or partners.
Microsoft said the password-spraying activity targeted specific customers, 57 percent of whom were IT companies, 20 percent were government organizations, and the rest were NGOs, think tanks and financial services. About 45 percent of the activity focused on US interests, 10 percent targeted UK customers, and smaller numbers were in Germany and Canada. In total, customers were targeted in 36 countries.
Reuters, citing a Microsoft spokesperson, said the hack disclosed on Friday was not part of Nobelium’s previous successful attack on Microsoft. The company has yet to provide key details, including how long the agent’s computer was hacked and whether the hack infected a Microsoft-operated device on a Microsoft network or a contractor’s device on a home network.
Friday’s revelation came as a shock to many security analysts.
“I mean, Jesus, if Microsoft can’t keep its own toolkit virus-free, how is the rest of the world supposed to?” Ken White, an independent security researcher, told me. “You would have thought that customer-facing systems would be some of the most solid customer-facing systems.”
This story originally appeared on Ars Technica.