Nobelium, the group behind the huge SolarWinds supply chain hack, has now attacked Microsoft itself directly. The Redmond firm has claimed in the past that Nobelium is a group originating in Russia and that it has staged various attacks in recent months.
In information shared this weekend, Microsoft said that it found “malware to steal information on the machine of one of its support agents”. At the same time, this agent had access to “basic customer account information”.
Targets in 26 countries
With that information, hackers “launched highly targeted attacks as part of a larger campaign”. Microsoft says it responded by removing access and securing devices.
According to information provided by Microsoft, although most attacks have not been successful, the activity was directed at specific customers, mainly IT companies (57% of cases), followed by public administration (20%) and, to a lesser extent, non-governmental organizations and companies that offer financial services.
The attack has reached 36 countries in total. Most of the targets were in the United States, but there were also targets in Europe, with the United Kingdom and Germany being the most prominent on the Old Continent. It should be remembered that in February the president of Microsoft, Brad Smith, claimed that the attack on SolarWinds’ supply chain, carried out by this same group and made known in December, is the largest and “most sophisticated” in history.
Multi-factor authentication as a recommendation
“The investigation is ongoing, but we can confirm that our support agents are configured with the minimum set of required permissions,” says the firm. At the same time, Redmond claims to be notifying all affected customers. Microsoft recommended the use of multi-factor authentication and zero trust architectures to help protect environments.
As a result of the incident, Microsoft said it was going to “refine” its policies regarding validation and signature processes.
“This activity was mostly unsuccessful, and most of the objectives were not successfully compromised”, say company officials, who acknowledge that they know of “three entities that have seen their security compromised”, although they have not specified which ones they are or where they are.
This is not the first Nobelium attack to hit Microsoft
The firm that recently introduced Windows 11 says that, for the moment, the attack is not attributed to a nation-state as origin.
Redmond recently warned that Nobelium was conducting a phishing campaign posing as USAID after it managed to gain control of a USAID account on an email marketing platform.
That phishing campaign targeted some 3,000 accounts linked to government agencies, think tanks, consultants, and non-governmental organizations.
The SolarWinds attack in December also affected Microsoft. What began as a cyberattack on almost unknown software resulted in access to Microsoft software source code, as the company announced.