SolarWinds hackers stole data from Microsoft's customer support system

Posted:
in General Discussion
A hacking group believed to be responsible for the SolarWinds breaches used access to Microsoft's support tools via a compromised customer service agent's computer, a breach that enabled the hackers to perform further hacks against Microsoft's customers.




Disclosed on Friday via a blog post, Microsoft confirmed its investigation into the Nobelium hacking group found "information-stealing malware" on a computer used by a customer support agent. As the computer had access to "basic account information for a small number" of customers, Microsoft believes the data was used to launch "highly-targeted attacks."

Microsoft claimed to have "responded quickly" to the breach, removing access and securing the device. Support agents are also allegedly configured with the "minimal set of permissions required" as part of Microsoft's Zero Trust "leased privileged access" approach regarding customer information.

All impacted customers are being notified by the company, with additional support being offered to keep accounts secure.

While Microsoft didn't advise of how long access to customer data was available to the group, Reuters reports warnings to customers mentioned the group had access during the second half of May. It also advised to the report that the agent had access to billing contact information and the services the customers paid for, among other items.

Microsoft was also apparently aware of three entities that had been compromised in a phishing campaign, but didn't clarify if data gleaned from the malware was used in the group's attempts.

Nobelium is believed to be a group that allegedly hacked SolarWinds in December 2019, including waiting in the network company's systems for nine months before acting.

This is not the only major breach that involved Microsoft in 2021. In March, it was disclosed that the Chinese hacking group "Hafnium" was attacking servers around the world using Microsoft Exchange Server. The attacks, which are believed to have affected over 30,000 organizations, prompted Microsoft to release a set of patches affecting Exchange Server versions dating as far back as 2013.

Keep up with everything Apple in the weekly AppleInsider Podcast -- and get a fast news update from AppleInsider Daily. Just say, "Hey, Siri," to your HomePod mini and ask for these podcasts, and our latest HomeKit Insider episode too.If you want an ad-free main AppleInsider Podcast experience, you can support the AppleInsider podcast by subscribing for $5 per month through Apple's Podcasts app, or via Patreon if you prefer any other podcast player.

Comments

  • Reply 1 of 9
    hydrogenhydrogen Posts: 314member
    MSFT has a customer support system ?
    Beatswilliamlondontwokatmewh4y3sAlex_VfotoformatGeorgeBMacRayz2016cornchipwatto_cobra
  • Reply 2 of 9
    Microsoft says "basic account information for a small number" was hacked.  What does Microsoft consider a small number and what do they consider basic information?

    Only one thing we know for sure, the one computer(according to Microsoft) that was hacked wasn't running Linux, MacOS or even Android. /s
    williamlondontwokatmewwatto_cobra
  • Reply 3 of 9
    BeatsBeats Posts: 3,073member
    hydrogen said:
    MSFT has a customer support system ?

    Yeah all those anti-virus companies that nag you about your PC being infected.
    williamlondontwokatmewAlex_Vfotoformatcornchipwatto_cobra
  • Reply 4 of 9
    BeatsBeats Posts: 3,073member
    Can’t wait for the old farts in congress that have trouble operating an iPhone to open up iOS so we can see more of these stories, except the stories will be about Apple.
    watto_cobra
  • Reply 5 of 9
    mr lizardmr lizard Posts: 354member
    Beats said:
    Can’t wait for the old farts in congress that have trouble operating an iPhone to open up iOS so we can see more of these stories, except the stories will be about Apple.
    Pretty sure no-one’s asking for sandboxing to be removed on iOS. 
    muthuk_vanalingamwatto_cobra
  • Reply 6 of 9
    michelb76michelb76 Posts: 610member
    hydrogen said:
    MSFT has a customer support system ?
    You clearly haven't had to deal with Apple Support yet.
    williamlondon
  • Reply 7 of 9
    MplsPMplsP Posts: 3,911member
    Microsoft confirmed its investigation into the Nobelium hacking group found "information-stealing malware" on a computer used by a customer support agent.

    They must have been running Microsoft’s antivirus software. 
    williamlondonwatto_cobra
  • Reply 8 of 9
    GeorgeBMacGeorgeBMac Posts: 11,421member
    hydrogen said:
    MSFT has a customer support system ?

    Yeh, it's logo is BIG FINGER!
    cornchipwatto_cobra
  • Reply 9 of 9
    GeorgeBMacGeorgeBMac Posts: 11,421member
    The Russian attack went far beyond Microsoft:  thousands, no tens of thousands, of private and public systems were hacked.   And, they were hacked long enough that the Russians were able to imbed their own code so that they can take control of those systems pretty much any time they want.  And many of those systems are critical components in our nation's stability and well being.

    It was at the heart of Biden's warning to Putin to "Don't do it" -- not because we can stop them from doing it.   We obviously can't.   But that -- like in nuclear war -- we can take them down just as they can take us down:  mutual destruction.

    It amazes me though that we sink hundreds of billions into "weapons of war" even though we have not been attacked in a couple hundred years -- yet avoid defending ourselves against the things that can and have harmed us and that can take us down:   cyberwarfare, antibiotic resistant bacteria and, of course, viruses.

    We might have the greatest fighter jets in the world -- but our public health agencies are still trying to figure out a virus that we've known about for a year and half !  We're being led by the 3 Stooges:  the FDA, CDC and NIH.  
    ...  And cyber defenses?   What are those?   An anti-virus program?
Sign In or Register to comment.