SolarWinds attackers hit Microsoft: support system is put in danger

Microsoft Services subscribers exposed to threats as hackers gather billing details

Nobelium attacksSolarWinds hackers target Microsoft support.

The very same hacking company called Nobelium, one behind 2020's SolarWinds attack and security breach strikes again.[1] On June 25, 2021, Microsoft shared the news that hackers breached a computer used by a customer service agent and stole some account information. This helped hackers to launch attacks on customers. The company communicated[2]:

The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign. We responded quickly, removed the access, and secured the device.

As Microsoft states that breached computer is now secured, it seems that a small number of customers that could possibly be affected by this attack were contacted. The company sent a message to Microsoft Services subscribers and detailed that hackers potentially had access to customer information from May. Information in question includes billing, service fee, and so on, however, hackers could use such data for far more sinister ways, for example, to gain sensitive personal information[3].

Microsoft takes the situation into their own hands as it is communicated that any impacted customer should be very cautious from now on, especially with billing details. Everyone is strongly encouraged to change any related passwords and usernames. Users who potentially could be affected should also be sure to use a multi-factor authentication system.

As of right now, Microsoft is still undergoing massive investigation in order to found more information about the breach. However, a small victory could be the fact that so far it seems that none of the customers' computers and data were compromised.

The attack deemed “unsuccessful”

Microsoft is a multinational technology company and a very well-known name globally so there is no shock that such an attack attracts attention. However, this threat, unlike the SolarWinds one, seems to be lackluster. While speaking on the matter, a White House official said the latest intrusion was far less serious than the SolarWinds event. The official said:

This appears to be largely unsuccessful, run-of-the-mill espionage.

US Homeland Security's Cybersecurity and Infrastructure Security Agency shared the message that the defensive group is working with Microsoft to evaluate any impact that situation possibly created. At the same time, SolarWinds, the company that was hit with attacks last year, communicated that the recent situation with Microsoft does not involve their company or customers in any way.

Nobelium's attacks become more prevalent and dangerous

Nobelium is Microsoft's name for a state-sponsored hacking group that is believed to be operating from Russia. It is even speculated that the Russian Foreign Intelligence Service (SVR) could be backing up these cybercriminals[4]. The group became widely known after 2020 when the SolarWinds supply chain was attacked.[5]

In December 2020 hackers used tainted software from SolarWinds management to breach a number of other organizations and even federal agencies. More than 100 private companies were hit, Microsoft being one of them.[6]

Attackers replaced legitimate modules in the SolarWinds Orion IT monitoring platform which allowed hackers to gain access to compromised devices, where more internal attacks could be launched. Later, the US Department of Justice (DoJ) and the Federal Bureau of Investigations (FBI) have taken down two domains – and, linked to the attacks.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions