SolarWinds hackers breach Microsoft support agent to target customers

This is an example of what attackers do once they’ve established a beachhead in your network…:

Microsoft has confirmed that some of its customers have been targeted by the Russian state-backed hacking group responsible for last year’s SolarWinds cyber attack, after the group successfully compromised an employee’s computer.

Known as Nobelium, the group was found to have engaged in “password spray and brute-force attacks” on the tech giant’s customers.

The hackers implanted “information-stealing malware” on a device belonging to a Microsoft customer support agent, through which they obtained “basic account information for a small number of [Microsoft’s] customers”, according to the firm.

They then “used this information in some cases to launch highly-targeted attacks as part of their broader campaign”.

“We responded quickly, removed the access and secured the device,” said Microsoft, adding that while the attacks were “mostly unsuccessful”, hackers managed to compromise three of its customers.

“This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date,” the Microsoft Security Response Center team announced in a blog post. “All customers that were compromised or targeted are being contacted through our nation-state notification process.”

[…]

Original article