SolarWinds Hackers Breach Microsoft Customer Support to Target its Customers – The Hacker News

https://thehackernews.com/2021/06/solarwinds-hackers-breach-microsoft.html


0

In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts.

“This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date,” the tech giant’s Threat Intelligence Center said Friday. “All customers that were compromised or targeted are being contacted through our nation-state notification process.”

Stack Overflow Teams

The development was first reported by news service Reuters. The names of the victims were not revealed.

The latest wave in a series of intrusions is said to have primarily targeted IT companies, followed by government agencies, non-governmental organizations, think tanks, and financial services, with 45% of the attacks located in the U.S., U.K., Germany, and Canada.

Nobelium is the name assigned by Microsoft to the nation-state adversary responsible for the unprecedented SolarWinds supply chain attacks that came to light last year. It’s tracked by the wider cybersecurity community under the monikers APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (Crowdstrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).

In addition, Microsoft said it detected information-stealing malware on a machine belonging to one of its customer support agents, who had access to basic account information for a small number of its customers.

The stolen customer information was subsequently used “in some cases” to launch highly-targeted attacks as part of a broader campaign, the company noted, adding it moved quickly to secure the device. Investigation into the incident is still ongoing.

Enterprise Password Management

The revelation that the hackers have set up a new arm of the campaign comes a month after Nobelium targeted more than 150 different organizations located across 24 countries by leveraging a compromised USAID account at a mass email marketing company called Constant Contact to send phishing emails that enabled the group to deploy backdoors capable of stealing valuable information.

The development also marks the second time the threat actor singled out Microsoft after the company disclosed earlier this February the attackers managed to compromise its network to view source code related to its products and services, including Azure, Intune, and Exchange.

What’s more, the disclosure comes as the U.S. Securities and Exchange Commission (SEC) opened a probe into the SolarWinds breach to examine whether some victims of the hack had failed to publicly disclose the security event, Reuters reported last week.


Like it? Share with your friends!

0

0 Comments

Your email address will not be published. Required fields are marked *

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube, Vimeo or Vine Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format