Microsoft Said an Attacker Had Gained Access to Its Customer-Service Agents


On Friday, Microsoft revealed that an attacker gained access to one of its customer-service agents and then used information obtained that way to launch hacking attempts against customers. The company said it discovered the breach while responding to hacks by a group it blames for previous significant breaches at SolarWinds and Microsoft.

Microsoft stated that the affected customers had been notified. According to a copy of one warning seen by Reuters, the attacker belonged to the group Microsoft calls Nobelium and had access in the second half of May. "A sophisticated Nation-State associated actor that Microsoft identifies as NOBELIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions," according to the warning. The US government has officially blamed the Russian government for the earlier attacks, an accusation Russia denies.

After commenting on a larger phishing attack that it said had affected a small number of businesses, Microsoft said it had also discovered a breach of its own agent, who it said had limited powers. Among other things, the agent could access billing contact information and the services that customers pay for. "The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign," Microsoft said.

Microsoft advised concerned customers to be cautious when communicating with their billing contacts, to consider changing their usernames and email addresses, and to prevent users from logging in with outdated usernames. Three entities have been compromised in the phishing attack, according to Microsoft. It was unclear whether any of those whose data was viewed through the support agent were also among those whose data was viewed through the broader campaign, or whether the agent had been duped by the broader campaign.

Nobelium's recent breach, according to a spokeswoman, was not part of the threat actor's prior successful attack on Microsoft, in which it stole some source code. In the SolarWinds hack, the group altered code at the company to gain access to SolarWinds clients, which included nine federal agencies in the United States.

According to the Department of Homeland Security, the attackers took advantage of flaws in the way Microsoft programs were configured at SolarWinds customers and others. Microsoft eventually revealed that the hackers had broken into its own employee accounts and taken software instructions that govern how the company verifies user identities.