Microsoft says the cybercriminals behind the SolarWinds attack compromised a Microsoft customer service agent’s device to launch hacking attempts against its customers.
The agent’s device had access to Microsoft’s customer support tools and basic account information for a “small number of our customers,” which the attackers exploited to launch “highly-targeted attacks as part of a broader campaign,” the company said in a blog post Friday. Microsoft’s Threat Intelligence Center attributed the attacks to Nobelium, the group of state-sponsored Russian hackers that wormed their way into the networks of major federal agencies, IT companies, and other entities around the world via compromised software from the Texas-based company SolarWinds.
Microsoft said it’s aware of three entities that were compromised in this phishing campaign, though it didn’t identify the victims. It has since removed the attacker’s access, secured the compromised device, and begun the process of alerting all affected customers through its nation-state notification process, Microsoft said.
The agent, Microsoft told Reuters, had access to billing contact information and what services the customers pay for, among other data. It did not say whether the agent was a contractor or a direct employee of Microsoft. Nobelium had access to the agent’s device during the second half of May, according to a warning notice to affected Microsoft customers reviewed by Reuters.
In the warning, Microsoft told customers to be cautious when communicating with billing contacts and to consider changing their usernames and email addresses, the outlet reports. Microsoft also encouraged users on Friday to employ security best practices such as multi-factor authentication and zero-trust architecture, a security model that treats all users as potential threats until their identities can be properly authenticated. Moreover, Windows 11, which is scheduled to roll out later this year, will require a specific security feature called a TPM, or trusted platform module, on existing and new devices in order to upgrade.