SolarWinds hackers breach Microsoft support agent to target customers

Nobelium engaged in password spray and brute-force attacks after implanting malware on a device belonging to a Microsoft employee

Microsoft has confirmed that some of its customers have been targeted by the Russian state-backed hacking group responsible for last year’s SolarWinds cyber attack, after the group successfully compromised an employee's computer.

Known as Nobelium, the group was found to have engaged in “password spray and brute-force attacks” on the tech giant’s customers.

The hackers implanted “information-stealing malware” on a device belonging to a Microsoft customer support agent, through which they obtained “basic account information for a small number of [Microsoft’s] customers”, according to the firm.

They then “used this information in some cases to launch highly-targeted attacks as part of their broader campaign”. 

“We responded quickly, removed the access and secured the device,” said Microsoft, adding that while the attacks were “mostly unsuccessful”, hackers managed to compromise three of its customers.

"This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date," the Microsoft Security Response Center team announced in a blog post. "All customers that were compromised or targeted are being contacted through our nation-state notification process."

Around 10% of the targeted customers were UK-based, with the hackers mostly focusing on “US interests”. The majority of the targets were “IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organisations and think tanks, as well as financial services”.

Overall, the hackers targeted organisations from 36 countries, the tech giant stated, adding that it recommends that customers enable multi-factor authentication in order “to protect their environments from this and similar attacks”. 

The news comes weeks after Nobelium launched a wave of attacks on more than 150 government agencies, think tanks, consultants, and NGOs from 24 countries, targeting an estimated 3,000 email accounts.

Microsoft's corporate VP of Customer Security & Trust, Tom Burt, said at the time that Nobelium's main objective is to "gain access to trusted technology providers and infect their customers". The hacking group’s activities also tend to coincide with the "issues of concern to the country from which they are operating", according to the cyber security expert.

"This is yet another example of how cyber attacks have become the tool of choice for a growing number of nation-states to accomplish a wide variety of political objectives, with the focus of these attacks by Nobelium on human rights and humanitarian organisations," Burt added.
