Microsoft Discovers New Breach During Investigation into SolarWinds Cyberattack Hackers
Microsoft has found Nobelium hackers compromised a worker’s computer and used the device to launch targeted attacks against its customers, the company wrote in a blog post on June 25, 2021. The company made the discovery during its investigation into Nobelium, the hacking group responsible for the SolarWinds Orion supply chain cyberattack, which was discovered in 2020.
The latest cyberattack reported by Microsoft does not involve SolarWinds or its customers, a SolarWinds spokesperson told MSSP Alert. Nobelium hackers gained access to one of Microsoft’s customer service agents, Reuters indicated. They then used information from the agent to attack Microsoft customers.
In addition, Microsoft indicated Nobelium hackers used password-spraying and brute-force techniques to compromise three entities, Ars Technica reported. This allowed the hackers to gain unauthorized access to customer accounts.
The latest breach was not part of the SolarWinds attack, Reuters stated. And, a White House spokesperson told Reuters that the latest breach is believed to be less serious than the SolarWinds attack.
How Has Microsoft Responded to the Latest Breach?
Microsoft has notified all targets of the latest Nobelium attacks, Ars Technica stated. It is working with the Cybersecurity & Infrastructure Security Agency to investigate the attacks and noted that the password-spraying campaign was “mostly unsuccessful.”
Furthermore, Microsoft has warned affected customers to be careful about communications to their billing contacts, according to Reuters. It also has encouraged these customers to change those usernames and email addresses.
Microsoft pointed out that Nobelium’s password-spraying activity primarily targeted customers across the IT (57 percent) and government (20 percent) segments, Microsoft said. Approximately 45 percent of this activity focused on U.S. customers, and customers across 36 countries were targeted.
Meanwhile, Microsoft has recommended organizations use Zero Trust architecture, multi-factor authentication (MFA) and other best practice security precautions to guard against Nobelium cyberattacks and other security vulnerabilities. That way, organizations can take appropriate precautions to guard against current and emerging cyber threats.