© Reuters. FILE PHOTO: A Microsoft logo is seen in Los Angeles, California, the United States, Nov. 7, 2017. REUTERS / Lucy Nicholson / File Photo
By Joseph Menn
SAN FRANCISCO (Reuters) – Microsoft said Friday that an attacker gained access to one of its customer service representatives and then used information from it to launch hacking attempts against customers.
The company said it found the compromise in its response to hacks by a team it identified as responsible for previous major security breaches at SolarWinds and Microsoft (NASDAQ :).
Microsoft said it had warned affected customers. A copy of a warning seen by Reuters states that the attacker belonged to the group Microsoft calls Nobelium and that he had access in the latter part of May.
"A seasoned actor affiliated with a national state that Microsoft identifies as NOBELLIUM has accessed Microsoft customer support tools to verify information about your Microsoft Services subscriptions," the warning said in part. The US government has publicly attributed the previous attacks to the Russian government, which denies involvement.
When Reuters asked about this warning, Microsoft publicly announced the violation.
After commenting on a broader phishing campaign that allegedly compromised a small number of companies, Microsoft said it had also found breach of its own agent, who allegedly had limited powers.
Among other things, the agent could see billing contact information and which services customers are paying for.
"The actor used this information in some cases to launch targeted attacks as part of his larger campaign," Microsoft said.
Microsoft warned affected customers to be careful when communicating with their billing contacts and consider changing these usernames and email addresses, as well as blocking old usernames from logging in.
Microsoft announced that it knew three companies had been compromised in the phishing campaign.
It was not immediately clarified whether among those whose data was viewed by the support agent or whether the agent had been tricked by the broader campaign.
Microsoft didn't say whether the agent was a contractor or a direct employee.
A spokesman said the threat actor's latest attack was not part of Nobelium's previous successful attack on Microsoft that had leaked source code.
In the SolarWinds attack, the group changed that company's code to access SolarWinds customers, including nine US federal agencies.
According to the Department of Homeland Security, the attackers also exploited weaknesses in the configuration of Microsoft programs among SolarWinds customers and others.
Microsoft later said the group compromised its own employee accounts and followed software instructions that govern how Microsoft verifies user identity.
A White House official said the recent break-in and phishing campaign was far less serious than the SolarWinds fiasco.
"This appears to be largely unsuccessful everyday espionage," said the official.
Scott McConnell, a spokesman for Homeland Security's Cybersecurity and Infrastructure Security Agency, said the defensive group “is working with Microsoft and our multi-agency partners to assess the impact. We are ready to support all affected companies. "
A SolarWinds spokesperson said, "The latest cyberattack reported by Microsoft does not affect our company or our customers in any way."
Disclaimer: Fusion Media would like to remind you that the information contained on this website is not necessarily real-time or accurate. All CFDs (stocks, indices, futures) and forex prices are not provided by exchanges, but by market makers. Therefore, prices may not be accurate and may differ from the actual market price, meaning that prices are indicative and not suitable for trading purposes. Therefore, Fusion Media is not responsible for any trading losses you may incur as a result of using this data.
Fusion Media or any other person involved in Fusion Media assumes no liability for any loss or damage that might arise from reliance on the information contained on this website, including data, prices, charts and buy / sell signals. Please inform yourself comprehensively about the risks and costs associated with trading in the financial markets, as it is one of the riskiest forms of investment.