Microsoft has issued a warning that a cyber threat actor has managed to access one of its customer service agent’s computers, exposing customers’ subscription information for the hackers to use when launching further hacking attempts.
In a blog post last week, Microsoft said that the hacking group Nobelium has been conducting “password spray” and “brute-force” attacks to gain access to corporate networks. The tech giant added that Nobelium – a group believed to be Russian state-sponsored – was also responsible for previous major breaches it suffered, and for the hack that hit the IT firm SolarWinds earlier this year.
While Nobelium’s recent attacks were mostly unsuccessful, Microsoft warned that at least three entities were breached through the two methods.
“This activity was targeted at specific customers, primarily IT companies (57%), followed by government (20%), and smaller percentages for non-governmental organisations and think tanks, as well as financial services,” the software company said.
“The activity was largely focused on US interests, about 45%, followed by 10% in the UK, and smaller numbers from Germany and Canada. In all, 36 countries were targeted.”
Reuters first broke news on the attacks when it obtained an email sent to affected customers which warned them that hackers had gained access to information about their Microsoft Services subscriptions. It was only after Reuters raised the issue that Microsoft looked into the data breach.
According to Microsoft, the compromised customer service agent’s computer gave hackers access to “basic account information” for several customers. Microsoft cautioned that Nobelium used this customer information in targeted phishing attacks against clients.
Microsoft did not disclose whether the agent whose computer was compromised was a contractor or a direct employee.