Microsoft Corp. said a hacker linked to the Russian Foreign Intelligence Agency by U.S. authorities installed malicious information theft software on one of its systems and used the information collected there to attack customers. It was.
According to a Microsoft spokesman, hackers use computers used by Microsoft customer support employees who may provide access to various types of information, such as account “metadata” and organizational billing contact information. Infringed.
Microsoft recognizes three customers that have been affected by recent activities. The company said in a blog post..
“Actors could use this information to launch targeted attacks as part of a broader campaign,” Microsoft said. “We responded quickly and removed access to protect our device.”
The incident was part of a broader campaign, primarily targeting tech companies and government agencies in 36 countries, including hacking techniques other than leveraging information obtained from support systems.
Most of the attacks were unsuccessful, but the company said three of Microsoft’s customers were compromised during the campaign. “We have confirmed that the two breaches are unrelated to the support agent issue and continue to investigate the third case,” said a Microsoft spokeswoman.
Microsoft has identified the hacker behind the intrusion as Nobelium. Groups related to sophisticated hacks In Austin, Texas-based software maker
SolarWinds Co., Ltd.
U.S. authorities say this group Part of the Russian Foreign Intelligence Service, Known as SVR. Russia has denied involvement in the SolarWinds hack. A representative of the Russian embassy did not immediately return a message asking for comment on Microsoft’s blog post.
“This should be relevant to all of us,” said Sheri Davidoff, CEO of security consulting firm LMG Security LLC. “Hackers have overcome the defenses of one of the world’s most sophisticated technology suppliers, where software underlies our entire economy.”
This is the second time in a few months that a Russian-linked hacker has breached Microsoft’s network.Microsoft in December, Nobelium hackers Break into the company network View the internal source code used to build the software product.
The U.S. Department of Homeland Security cybersecurity and infrastructure security agency “is aware of this activity and is working with Microsoft and its inter-ministerial partners to assess its impact,” said the Department of Homeland Security, which oversees the ministry. The spokesman said. “We are ready to help the affected entities.” He did not reveal whether the agency was hacked.
Violations at Microsoft and SolarWinds in a long-standing collaborative effort between government and industry security experts to allow Russian hackers to break into U.S. technology companies and use them as a backdoor to government and commercial targets. There are concerns that we are working on it. “Supply chain attack.”
“This shows that SVR continues to carry out supply chain attacks. In this particular case, we track Microsoft support personnel who have clear information and connections with Microsoft customers. “Silverado Policy Accelerator Think tank executive chairman Dmitri Alperovitch, a former cybersecurity researcher, said.
About 100 companies and at least nine government agencies are known to have been compromised during a SolarWinds attack that was undetected in the months prior to being discovered this fall.
April, Biden administration Announced a series of sanctions against Russia In particular, it cites SolarWinds cyberattacks. Russia has accused sanctions.
Since then, Russian-linked hackers have revealed that they intend to continue their activities. In May, Microsoft was hacked Was involved in a phishing campaign It covers 3,000 email accounts owned by workers in more than 150 organizations.
Earlier this month, President Biden said he had warned Russian responders.
Vladimir Putin, Affecting cyber attacks in the United States First face-to-face meeting of two leaders Swiss.
“Supply chain attacks are here to stay with us,” said Alperovich. “It didn’t end with SolarWinds.”
Write to Robert McMillan Robert.Mcmillan@wsj.com
Copyright © 2020 DowJones & Company, Inc. all rights reserved. 87990cbe856818d5eddac44c7b1cdeb8
Microsoft Discloses New Customer Hack Linked to Solar Winds Cyber Attackers
Source link Microsoft Discloses New Customer Hack Linked to Solar Winds Cyber Attackers