SolarWinds hackers continue to attack with a new Microsoft breach
The nation-state hackers who carried out the SolarWinds supply chain attack compromised a Microsoft employee's computer and used the access to launch targeted attacks on the company's customers, Microsoft said in a statement published late on Friday evening.
The hacking group also compromised three entities using password-spraying and brute-force techniques, which gain unauthorized access to accounts by bombarding login servers with large numbers of login guesses. With the exception of the three undisclosed entities, Microsoft said the password-spraying campaign was "mostly unsuccessful." Microsoft has since notified all targets, whether the attacks were successful or not.
The findings come from Microsoft's investigation into Nobelium, Microsoft's name for the sophisticated hacking group that used SolarWinds software updates and other means to compromise networks belonging to nine U.S. agencies and 100 private companies. The federal government has said that Nobelium is part of the Russian government's Federal Security Service.
“As part of our ongoing research into this ongoing activity, we also detected malware stealing information from a machine belonging to one of our customer service agents to obtain basic account information from a small number of our customers,” Microsoft said in a message. “The actor in some cases used this information to carry out highly targeted attacks within the wider campaign.”
According to Reuters, Microsoft disclosed the breach after the news outlet asked the company about a notification it had sent to customers who were targeted or hacked. Microsoft did not reveal the infection of the employee's computer until the fourth paragraph of the five-paragraph message.
The agent whose machine was infected, Reuters said, could access billing contact information and the services customers paid for, among other things. “Microsoft has warned affected customers to be careful with communications for billing contacts and to consider changing usernames and email addresses, as well as banning old usernames from signing in,” the news service reported.
The SolarWinds supply chain attack came to light in December. After hacking the Austin, Texas-based company and taking control of its software build system, Nobelium pushed malicious updates to about 18,000 SolarWinds customers.
“The latest cyber attack reported by Microsoft has nothing to do with our company or our customers,” a SolarWinds representative said in an email.
The SolarWinds supply chain attack was not the only way Nobelium compromised its targets. Anti-malware provider Malwarebytes has said it was also infected by Nobelium, through another vector that the company did not identify.
Microsoft and email management provider Mimecast have also said that they were hacked by Nobelium, which then went on to use the compromises to hack the companies' customers or partners.
Microsoft said the password-spraying activity targeted specific customers, 57 per cent of which were IT companies and 20 per cent government agencies, with the rest being non-governmental organizations, think tanks and financial services firms. About 45 per cent of the activity was focused on US interests, 10 per cent was aimed at UK customers and smaller numbers were in Germany and Canada. In total, customers in 36 countries were targeted.
Reuters, citing a Microsoft spokesman, said the breach disclosed on Friday was not part of Nobelium's successful attack on Microsoft. The company has yet to provide key details, including how long the agent's computer was compromised and whether the compromise hit a Microsoft-managed machine on a Microsoft network or a contractor device on a home network.
Friday’s disclosure was huge for many security analysts.
“I mean, Jesus, if Microsoft can’t keep its own kit away from viruses, how is the rest of the corporate world supposed to be?” independent security investigator Kenn White told me. “You would think they would be some of the toughest systems facing the customer.”
This story first appeared on Ars Technica.