Blog
68
Сlarity and Trust – We take pride in being the site where you can feel free to express your opinion and leave feedback. Whenever you click on the websites of products reviewed by us, we participate in the revenue sharing and get commissions that help us maintain our project. Read more about how we work.

SolarWinds Hackers Compromise Microsoft Support

Now Reading
SolarWinds Hackers Compromise Microsoft Support

Contents
SolarWinds and Microsoft Support

Microsoft discovered new attacks by the Nobelium hack group that is responsible for the high-profile SolarWinds hack last year, one of the victims was Microsoft customer support employee.

Let me remind you that the SolarWinds hack has become one of the largest attacks on the supply chain in history. In December 2020, it became known that unknown attackers had attacked the company and infected its Orion platform with malware. Of the 300,000 SolarWinds customers, only 33,000 were using Orion, and at the beginning of the year, it was reported that an infected version of the platform was installed on approximately 18,000 customers, according to official figures.

As a result of this incident, giants such as Microsoft, Cisco, FireEye, as well as many US government agencies, including the State Department, the Department of Justice and the National Nuclear Security Administration, were affected.

The American authorities officially blamed Russia for this attack. Joe Biden’s administration said the attack was behind Russia’s Foreign Intelligence Service and its “government hackers” known as APT 29, Cozy Bear, Nobelium or The Dukes.

According to the authorities, they “used the SolarWinds Orion platform and other IT infrastructures as part of a large-scale cyber-espionage campaign.”

As Microsoft now reports, the group used brute force and password spraying in attempts to guess passwords and gain access to Microsoft customer accounts. The OS manufacturer claims that the attacks were mostly unsuccessful, but the hackers still compromised three unnamed objects, and now the victims are already being notified of the incident.

“This activity was targeted at specific customers, primarily IT companies (57%), then government agencies (20%), and a smaller percentage of attacks fell on nongovernmental organizations, think tanks, and financial services.” The activity [of attackers] was mainly concentrated in the USA (about 45%), Great Britain (10%), as well as Germany and Canada. A total of 36 countries were targeted”, — Microsoft said.

In addition, Microsoft said it found malware for stealing information on the device of one of its employees working as a customer support agent. The company says that Nobelium used the malware to collect and steal account data from a small number of customers that was stored on an employee’s device. The investigation into this incident is still ongoing.

“In some cases, attackers have used this information to launch targeted attacks as part of their broader campaign”, — the company admits.

Let me also remind you that I wrote that Microsoft and FireEye found three more malware that attacked SolarWinds clients.

What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
Posted In
Blog
Tags
Microsoft, Microsoft support, Nobelium, SolarWinds, SolarWinds attack, SolarWinds attack victims, SolarWinds cyber attack, SolarWinds hack
, , , , , , ,
About The Author
Vladimir Krasnogolovy
Comments
Leave a response

Leave a Response