Microsoft discovers new breach when probing suspected SolarWinds hackers

Microsoft announced that a hacker had gained access to one of its customer-service agents and information was leveraged to launch cyber attacks against customers. The company stated that it discovered the breach while responding to hacks by a team it says is responsible for major breaches at SolarWinds as well as Microsoft.

Microsoft has already warned the customers who have been affected. The warning states that the attacker belonged to the group Nobelium and it had gained access during the later part of May.

“A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions,” the warning reveals.

“The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign,” Microsoft stated.

Microsoft warned affected customers that they need to be careful about any communications that they receive on their billing contacts and should change the email address, username to log in to accounts.

The company said it was aware of three entities that had been breached in the phishing campaign. However, Microsoft is yet to clarify whether the agent was a contractor or a direct employee.

In the SolarWinds attack, the hackers altered code that was used to access SolarWinds customers, which included the nine U.S. federal agencies.

At SolarWinds, the cybercriminals also took advantage of vulnerabilities present in the way Microsoft programs were configured, as per the Department of Homeland Security.