Microsoft customer support infiltrated in more attacks by Nobelium group

News IT Global 28 JUN 2021
Microsoft customer support infiltrated in more attacks by Nobelium group

Microsoft said it discovered malware on one of its customer support agent's computers that was collecting information on customers. This was discovered during a wider investigation into hacking activity connected to Nobelium, the suspected group behind the SolarWinds attack last year.

Microsoft said the "information-stealing malware" was on a machine with access to basic account information for a small number of customers. The hacker used this information in some cases to launch highly-targeted attacks as part of their broader campaign. Microsoft said it quickly removed the access and secured the device, and the customers are being informed. 

The activity otherwise uncovered by the investigation was "mostly unsuccessful, and the majority of targets were not successfully compromised", Microsoft said. It found only three compromised entities to date, and they are being notified. 

In a blog post, Microsoft stressed that "this type of activity is not new" and underlines the need for multi-factor authentication and zero-trust security environment. The hacking was targeted at specific customers, primarily IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services.  The activity was largely focused on US interests, about 45 percent, followed by 10 percent in the UK, and smaller numbers from Germany and Canada. In all, 36 countries were targeted.

Categories:

IT

Companies:

MicrosoftSolarWinds

Regions:

Global

Tags:

Production planning & operations, Security, IT - applications

Related Articles

GLOBAL 22 JAN 2024

Mailberichten van Microsoft-managers gehackt door groepering gesteund door Rusland

De e-mail van het topmanagement van Microsoft is gehackt door een groep die vermoedelijk wordt gesteund door de Russische overheid. Het bedrijf bevestigt dat de aanval op zijn bedrijfssystemen plaatsvond op 12 januari en zegt dat het de hacker heeft geïdentificeerd als Midnight Blizzard, een Russische staatsgesponsorde hacker die ook bekend staat als Nobelium. Hoewel e-mail van werknemers werd aangetast, zei Microsoft dat het geen gevolgen voor klanten had vastgesteld.

GLOBAL 22 JAN 2024

Microsoft says executive emails hacked by Russian-backed group

Microsoft's top management has seen their email hacked by a group thought to be backed by the Russian government. The company confirmed the attack on its corporate systems took place 12 January and said it identified the actor as Midnight Blizzard, a Russian state-sponsored hacker also known as Nobelium. While employee email was affected, Microsoft said it had not identified any impact for customers. 

EUROPE 14 MRT 2023

Cloudrisico's nu ook onderkend als gevaar nationale veiligheid VS: Biden bereidt nieuwe regels (telecom)bedrijven voor

De al jarenlang durende verplaatsing van dienstverlening naar de cloud, door bedrijven en overheidsorganisaties, betekenen een grotere kwetsbaarheid van de kritieke infrastructuur van (telecom)bedrijven. Niet alleen de EU, die druk bezig is met de invoering van extra regelgeving via NIS2, maakt zich daar nu zorgen over. Ook het Witte Huis realiseert zich dat de afhankelijkheid van de cloud gevolgen heeft voor de nationale veiligheid. Dat meldt Politico.

UNITED STATES 26 AUG 2021

Google, Microsoft, Apple back US govt push for more cybersecurity awareness

The White House has confirmed a meeting between President Joe Biden and major corporate leaders to discuss ways to improve cybersecurity in the US. The summit resulted in several measures announced by Apple, Google, Microsoft and Amazon to improve security in the tech industry. 

GLOBAL 14 JUL 2021

Microsoft launches cloud PC service with Windows 365

Microsoft is bringing Windows to the cloud, separating its operating system from PC hardware to make a customer's desktop available from any location. Windows 365 will be able as a subscription service for businesses from 02 August, running first Windows 10 and later Windows 11 when it becomes available. 

UNITED KINGDOM 28 JUN 2021

Microsoft, BGF team to drive digital transformation of UK businesses

Microsoft and investment company BGF have joined forces to support the digital transformation and growth of UK businesses. 

GLOBAL 4 MRT 2021

Microsoft releases Exchange Server update after alleged Chinese hack

Microsoft said on its blog it released security updates for its mail and calendar server programme called Exchange Server. The updates are meant to protect business customers from exploits related to the state-sponsored threat actor Microsoft calls Hafnium which recently attacked its Exchange Server.

FRANCE 16 FEB 2021

French security agency reveals multi-year cyber attack targeting companies using Centreon software

French national security agency ANSSI said that hackers have spent up to three years breaking into the internal networks of companies such as web hosting providers, using IT monitoring software developed by Centreon as the point of entry for the breach. The campaign resulted in attacks on "several French entities", with the first victim compromised from late 2017.

JAPAN 19 JAN 2021

NTT offers cyber threat sensor to customers amid SolarWinds attacks

NTT has announced it will offer qualified clients a free-of-charge specialized sensor capability. This is designed to enable enterprises and public sector agencies to make an initial determination of their risk and potential means to mitigate attacks related to the recent SolarWinds incidents.

UNITED STATES 18 DEC 2020

Microsoft systems attacked in US govt agency hack

Microsoft confirmed that it found malicious software in its systems following a wide-ranging hacking campaign targeting several US government agencies. The attack is suspected to have been carried out by Russian nation-state hackers and the US National Security Agency has warned that certain Microsoft Azure cloud services may have been compromised during the campaign.

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.