Microsoft Corporation (NASDAQ: MSFT) announced Friday that the hackers responsible for the SolarWinds attack had gained access to the device of one of its customer service agents.
What Happened: According to Microsoft, the group behind the SolarWinds cyberattack used information from the agent's customer support tools to launch highly targeted attacks against specific Microsoft customers.
The company found traces of the compromise while responding to hacks by a group that it believed was responsible for previous significant breaches.
The compromised agent could view information such as customers' billing contact information and the services they used.
“A sophisticated Nation-State associated actor that Microsoft identifies with Nobelium accessed Microsoft Customer Support Tools to review information about your Microsoft Services subscriptions,” Reuters reported. Microsoft sent the warning letter to its customers.
The company warned customers to be cautious about their billing addresses and log-in credentials. Customers were also asked to change their email addresses and usernames.
Why It Matters: According to the Department of Homeland Security, the attackers exploited vulnerabilities in Microsoft programs in attacks targeting SolarWinds customers and others.
Microsoft later stated that the group had also compromised its employee accounts and obtained software instructions on how Microsoft verifies user identities.
Nobelium attacked government agencies, think tanks and consultants last month.
The group broke into the Constant Contact email marketing account of USAID (United States Agency for International Development) and used it to carry out cyberattacks.
Organizations in the United States received the largest number of attacks, but at least 24 other countries also had victims.
SolarWinds was hacked in December 2020. This allowed hackers to gain access to thousands of government offices and companies that had used SolarWinds software.