SolarWinds Hackers Compromise Microsoft Support
Microsoft discovered new attacks by the Nobelium hack group, which is responsible for last year’s high-profile SolarWinds hack. One of the victims was a Microsoft customer support employee.
Let me remind you that the SolarWinds hack has become one of the largest supply-chain attacks in history. In December 2020, it became known that unknown attackers had compromised the company and infected its Orion platform with malware. Of the 300,000 SolarWinds customers, only 33,000 were using Orion, and at the beginning of the year it was reported that, according to official figures, an infected version of the platform had been installed by approximately 18,000 customers.
As a result of this incident, giants such as Microsoft, Cisco and FireEye, as well as many US government agencies, including the State Department, the Department of Justice and the National Nuclear Security Administration, were affected.
The American authorities officially blamed Russia for this attack. Joe Biden’s administration said Russia’s Foreign Intelligence Service and its “government hackers”, known as APT 29, Cozy Bear, Nobelium or The Dukes, were behind the attack.
According to the authorities, they “used the SolarWinds Orion platform and other IT infrastructures as part of a large-scale cyber-espionage campaign.”
As Microsoft now reports, the group used brute force and password spraying in attempts to guess passwords and gain access to Microsoft customer accounts. The OS manufacturer claims the attacks were mostly unsuccessful, but the hackers still compromised three unnamed entities, and the victims are now being notified of the incident.
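The two techniques Microsoft names leave different footprints in sign-in telemetry: brute force piles many failures onto one account, while password spraying touches many accounts with only one or two guesses each, so per-account lockout never trips. The detector below, an added illustration that is not Microsoft's code or part of the original post, separates the two over a constructed sign-in log; the log format, the source-IP grouping and the thresholds are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sign-in records for illustration (not from the article or from Microsoft):
# "<timestamp> <source_ip> <account> <FAIL|SUCCESS>"
SAMPLE_LOG = """\
2021-06-25T10:00:01Z 203.0.113.7 alice@example.com FAIL
2021-06-25T10:00:03Z 203.0.113.7 bob@example.com FAIL
2021-06-25T10:00:05Z 203.0.113.7 carol@example.com FAIL
2021-06-25T10:00:07Z 203.0.113.7 dave@example.com FAIL
2021-06-25T10:00:09Z 203.0.113.7 erin@example.com FAIL
2021-06-25T10:00:11Z 203.0.113.7 frank@example.com SUCCESS
2021-06-25T10:20:00Z 198.51.100.9 alice@example.com FAIL
2021-06-25T10:20:01Z 198.51.100.9 alice@example.com FAIL
2021-06-25T10:20:02Z 198.51.100.9 alice@example.com FAIL
2021-06-25T10:20:03Z 198.51.100.9 alice@example.com FAIL
2021-06-25T10:20:04Z 198.51.100.9 alice@example.com FAIL
2021-06-25T11:00:00Z 192.0.2.4 bob@example.com FAIL
2021-06-25T11:00:30Z 192.0.2.4 bob@example.com SUCCESS
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|SUCCESS)$")

def parse_log(text):
    """Yield (timestamp, source_ip, account, success) per well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4) == "SUCCESS"

def classify_sources(text, spray_min_accounts=5, brute_min_failures=5):
    """Per source IP: 'password_spray' = many accounts, at most 2 failures each;
    'brute_force' = many failures on one account. Successes from a flagged source are
    returned alongside, as the accounts most likely to have been guessed correctly."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> account -> failed attempts
    successes = defaultdict(set)                       # ip -> accounts that signed in
    for _ts, ip, account, ok in parse_log(text):
        if ok:
            successes[ip].add(account)
        else:
            failures[ip][account] += 1
    verdicts = {}
    for ip, per_account in failures.items():
        worst = max(per_account.values())
        if len(per_account) >= spray_min_accounts and worst <= 2:
            verdicts[ip] = ("password_spray", sorted(successes[ip]))
        elif worst >= brute_min_failures:
            verdicts[ip] = ("brute_force", sorted(successes[ip]))
    return verdicts  # 192.0.2.4 (a single failure, then success) is not flagged
```

Calling `classify_sources(SAMPLE_LOG)` flags 203.0.113.7 as a spray whose one success (frank) deserves a password reset and session revocation, and 198.51.100.9 as brute force against alice.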
“This activity was targeted at specific customers, primarily IT companies (57%), then government agencies (20%), and a smaller percentage of attacks fell on nongovernmental organizations, think tanks, and financial services. The activity [of attackers] was mainly concentrated in the USA (about 45%), Great Britain (10%), as well as Germany and Canada. A total of 36 countries were targeted,” Microsoft said.
In addition, Microsoft said it found information-stealing malware on the device of one of its employees, who worked as a customer support agent. The company says Nobelium used the malware to collect and steal account data belonging to a small number of customers that was stored on the employee’s device. The investigation into this incident is still ongoing.
“In some cases, attackers have used this information to launch targeted attacks as part of their broader campaign,” the company admits.
Let me also remind you that I previously wrote that Microsoft and FireEye had found three more malware strains that attacked SolarWinds clients.