According to Microsoft, a hacker linked by U.S. authorities to the Russian Foreign Intelligence Service installed malicious information-stealing software on one of its systems.
The hackers used the collected information to attack the company’s customers.
The hackers broke into a computer used by a Microsoft customer support employee. They gained access to different types of information, including the “metadata” of the account and the organization’s billing contact information.
Microsoft is aware that three customers have been affected by recent activities.
According to Microsoft, the actor used this information to launch highly targeted attacks as part of its broader activities. However, the company says it responded quickly, removed access rights, and protected the equipment.
The incident is part of a broader campaign and uses information obtained from Microsoft’s support system. It also involves other hacking techniques. These techniques mainly target technology companies and government agencies in 36 countries.
The company said that most attacks were unsuccessful, but three Microsoft customers were attacked during the event. Microsoft confirms that two of the compromises are unrelated to the support agent issue. The company is investigating the third instance.
The hacker behind the intrusion was Nobelium
Nobelium was linked to the sophisticated hack of the software manufacturer SolarWinds Corp. in Austin, Texas. The U.S. authorities stated that the organization is part of the Russian Foreign Intelligence Service (SVR). Russia denied participating in the SolarWinds hack.
Representatives of the Russian Embassy did not immediately respond to messages seeking comment on the Microsoft blog.
Hackers have gotten past the defenses of one of the most advanced technology providers globally.
The incident marked the second time in recent months that Russian-related hackers invaded Microsoft’s network
Last December, Microsoft stated that Nobelium hackers had broken into the company’s network. Their goal was to view the internal source code used to build software products.
The U.S. Cybersecurity and Infrastructure Security Agency is aware of this activity, said a spokesperson for the Department of Homeland Security, which oversees the agency. The agency said it is working with Microsoft and with its inter-agency partners to evaluate the impact.
He declined to say whether any government agencies have been hacked.
The vulnerabilities of Microsoft and SolarWinds have caused concerns among government and industry security professionals.
Russian hackers might have long participated in, and coordinated, efforts to break into American technology companies. They might have tried for a long time to use them as backdoors to government and commercial targets.
This strategy is called a “supply chain attack.”