In a brief statement published on Friday afternoon, Microsoft revealed that the hacking group behind the SolarWinds attack managed to access the computer of an employee on the company’s Customer Support team in an attempt to launch targeted attacks against Microsoft’s customers.
The statement revealed that Microsoft found malware on one of its customer support agents’ machines, which had access to basic account information for a limited number of its clients.
It is unclear whether this breach will have any significant impact on Microsoft’s operations, since the company has not yet provided key details, such as how long the agent’s computer was compromised and whether the compromise affected a Microsoft-managed machine on a Microsoft network or a contractor device on a home network.
According to the information that has been revealed, the malicious actors had limited access but were still able to get their hands on details such as customers’ billing contact information and the services they have used. What has become clear from Microsoft’s statement is that the hackers used the details they managed to access to start a “highly targeted” attack on specific Microsoft customers.
As per the reports, the hacking group behind the SolarWinds attack, which Microsoft has codenamed Nobelium, used password-spraying and brute-force methods to gain access to accounts.
Three entities, the names of which have not been revealed, have been successfully compromised with these methods. As stated by Microsoft, the password-spray efforts were “largely unsuccessful” (except against the three unnamed organizations). Still, in relation to this incident, Microsoft has notified all possible targets, regardless of whether or not attacks on them were successful. Also, the company has ensured that the Nobelium actors no longer have access to the device of the Customer Support agent.
Microsoft’s ongoing investigations into the SolarWinds attack uncovered that nine U.S. government organizations and more than 100 private organizations have been compromised by the sophisticated hacker gang, whose members relied on SolarWinds software updates and other tools to exploit the networks of their targets. According to the federal government, Nobelium is part of the Federal Security Service of the Russian government.
Friday’s news was unexpected to many security experts, some of whom shared their concerns that if Microsoft couldn’t keep its own equipment free of malware, how can the rest of the business sector expect to keep themselves safe.