The nation-state hacker collective that breached SolarWinds, in what has been described as one of the biggest cyberattacks ever, is now behind another hack, this time targeting Microsoft. The group managed to compromise a Microsoft worker’s computer and used the access to launch precision attacks against the company’s customers.
Microsoft released the news in a statement published late on Friday afternoon. The hacking group also compromised three entities using password-spraying and brute-force techniques, which gain access to accounts by hitting login servers with rapid-fire login guesses.
Except for the three entities, Microsoft said that the password-spraying campaign was mostly a failure and that all targets have been notified about the attacks and the status of their targeted systems.
The discovery of these attacks comes as Microsoft investigates Nobelium, the name it gave to a sophisticated hacking group that used SolarWinds software updates and other methods to compromise the networks of 100 private companies and 9 US agencies.
The federal government has said that the group is part of the Russian government’s Federal Security Service. Microsoft reported finding information-stealing malware on a machine belonging to one of its customer support agents, who had access to basic account information for some of its customers.
A disturbing breach
Reuters reports that Microsoft published the breach disclosure after one of the news outlet’s reporters asked the company about the notification it sent to targeted or breached customers.
Microsoft did not reveal the infection on the worker’s computer until the fourth or fifth paragraph of the post. The agent whose machine was infected had access to billing contact information and the services the customers paid for, among other sensitive details.
Many security analysts are shocked that Microsoft cannot keep its own kit virus-free, which makes one wonder how the rest of the corporate world is supposed to cope.