
SolarWinds Hackers Used A Microsoft Support Agent’s Tools In New Attacks, Microsoft Says

The hackers behind the compromise of SolarWinds’ software gained access to a Microsoft support agent's tools to target IT companies, Microsoft says.

June 28, 2021 Zachary Comeau


The allegedly Russian hackers behind the compromise of SolarWinds’ IT management software have apparently gained access to a Microsoft support agent’s tools to target primarily IT companies as part of a larger series of attacks that included phishing and brute force.

This is new activity from the hacking group that Microsoft calls Nobelium, the same group attributed to the compromise of SolarWinds’ Orion IT management platform that primarily targeted government agencies and adjacent entities.

These new attacks do not involve SolarWinds or its customers in any way, a SolarWinds spokesperson told us via email.

According to Microsoft, the group compromised a Microsoft customer support agent and was able to install information-stealing malware on a machine belonging to that agent, who had access to basic account information for “a small number” of Microsoft customers.

That information was used to launch highly targeted attacks as part of Nobelium’s broader campaign that includes other tactics like password spray and brute-force attacks.

According to the company, 57% of the targets were IT companies, 20% were in government and the remainder included think tanks and financial services. Most of the activity was in the U.S. with other targets in Europe and Canada.

In a Microsoft Security Response Center blog, the company said it quickly removed the access and secured the device.

“The investigation is ongoing, but we can confirm that our support agents are configured with the minimal set of permissions required as part of our Zero Trust ‘least privileged access’ approach to customer information,” Microsoft said in the blog. “We are notifying all impacted customers and are supporting them to ensure their accounts remain secure.”

According to Microsoft, only three entities have been compromised via this recent activity. Customers who are compromised or targeted are being contacted through Microsoft’s nation-state notification process.

The company’s security response team also called on IT professionals to implement security best practices, including identity access management, zero trust and least-privilege access models, to help ensure that only legitimate users are accessing their organization’s data.

This activity follows Nobelium’s compromise of the SolarWinds platform and another phishing campaign, which used the U.S. Agency for International Development’s email marketing tool and included information-stealing malware.

This article has been updated to reflect comments from a SolarWinds spokesperson.
