American software giant Microsoft revealed that a hacker gained access to one of its customer-service tools and then used the data to begin hacking attempts against customers. It stated that the impacted consumers had been notified and attackers have been successfully removed.
The company claimed that it discovered the breach while responding to hacks by a group it suspects for previous significant breaches at SolarWinds Corp. and Microsoft.
As identified by Microsoft’s Threat Intelligence Center, the attack was linked to a group known as “Nobelium”, the same group of state-sponsored Russian hackers who used sophisticated penetration techniques to infect up to 18,000 clients of Texas-based software firm SolarWinds Corp. with malware in 2020.
“A sophisticated Nation-State associated actor known as Nobelium accessed Microsoft customer support tools to evaluate information about your Microsoft Services subscriptions,” the warning stated.
Among other things, the agent might get access to billing contact information and the services that consumers pay for. “In other cases, the attacker utilized this information to launch highly-targeted operations as part of a larger phishing campaign,” Microsoft declared.
During the recent attack, Microsoft said Nobelium targeted IT firms, governments, non-profits, think tanks, and banking sectors in 36 countries. “About 45 percent of the activity was centered on US interests, followed by 10 percent in the UK, and lesser amounts from Germany and Canada,” the Redmond, Washington-based software manufacturer stated in a blog post.
In the last breach, the Nobelium allegedly acquired access to an email marketing account used by the United States Agency for International Development (USAID), the federal government’s aid agency which could “enable a wide range of activities from stealing data to infecting other computers on a network,” according to Microsoft.