Microsoft reports previously undetected security breach while investigating SolarWinds hack

The group, which Microsoft refers to as Nobelium, gained access to Microsoft customer support tools that allowed the cyber thieves to view billing contact information, as well as what services customers were paying for. In some cases, Nobelium – described as a “sophisticated Nation-State associated actor” in a document seen by Reuters – used the data that it stole to launch “highly targeted attacks” as part of a larger hacking operation, the tech giant said. The breach is said to have occurred in the second half of May.

Microsoft warned affected customers to be careful when handling communications involving billing matters, and urged them to consider changing relevant usernames and email addresses. The company said that the phishing campaign targeted at least three entities, without providing further details. It also declined to disclose whether the customer service representative who was hacked was an official employee or a contractor. 

Nobelium has been accused of carrying out the infamous SolarWinds hack. The cyber attack, first reported in December, exploited backdoor access to a popular network-management program distributed by the Texas-based SolarWinds company. The security breach went undetected for months and is believed to have affected the systems of more than 100 companies around the world, as well as nine US government agencies. In March it was revealed that the SolarWinds exploit also allowed hackers to gain access to email accounts belonging to then-Acting DHS Secretary Chad Wolf and members of the department’s cybersecurity team.

Microsoft said that the customer service breach is not related to the SolarWinds incident, although it was discovered while probing the massive hack. 

In May, the software giant announced that it had uncovered a “wide-scale malicious email campaign” operated by Nobelium which used a mass-mailing service to “masquerade as a US-based development organization and distribute malicious URLs to a wide variety of organizations and industry verticals.”

Washington has claimed that Russian hackers are most likely behind the breach, but it has yet to back up the allegation with evidence. The Kremlin has strongly denied any involvement. 

© 2021, paradox. All rights reserved.