SolarWinds hackers breach new victims, including a Microsoft support agent

26/06/2021

A phone and the wall behind it share a SolarWinds logo.

The nation-state hackers who orchestrated the SolarWinds supply chain attack compromised a Microsoft worker’s computer and used the access to launch targeted attacks against company customers, Microsoft said in a terse statement published late on a Friday afternoon.

The hacking group also compromised three entities using password-spraying and brute-force techniques, which gain unauthorized access to accounts by bombarding login servers with large numbers of login guesses. With the exception of the three undisclosed entities, Microsoft said, the password-spraying campaign was “mostly unsuccessful.” Microsoft has since notified all targets, whether attacks were successful or not.

Enter Nobelium

The discoveries came in Microsoft’s continued investigation into Nobelium, Microsoft’s name for the sophisticated hacking group that used SolarWinds software updates and other means to compromise networks belonging to nine US agencies and 100 private companies. The federal government has said Nobelium is part of the Russian government’s Federal Security Service.

“As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers,” Microsoft said in a post. “The actor used this information in some cases to launch highly targeted attacks as part of their broader campaign.”

According to Reuters, Microsoft published the breach disclosure after one of the news outlet’s reporters asked the company about the notification it sent to targeted or hacked customers. Microsoft didn’t reveal the infection of the worker’s computer until the fourth paragraph of the five-paragraph post.

The infected agent, Reuters said, could access billing contact information and the services the customers paid for, among other things. “Microsoft warned affected customers to be careful about communications to their billing contacts and consider changing those usernames and email addresses, as well as barring old usernames from logging in,” the news service reported.

The supply chain attack on SolarWinds came to light in December. After hacking the Austin, Texas-based company and taking control of its software-build system, Nobelium pushed malicious updates to about 18,000 SolarWinds customers.

A wide assortment of targets

The SolarWinds supply chain attack wasn’t the only way Nobelium compromised its targets. Antimalware provider Malwarebytes has said it was also infected by Nobelium but through a different vector, which the company didn’t identify.

Both Microsoft and email management provider Mimecast have also said that they, too, were hacked by Nobelium, which then went on to use the compromises to hack the companies’ customers or partners.

Microsoft said that the password-spraying activity targeted specific customers, with 57 percent of them IT companies, 20 percent government organizations, and the rest nongovernmental organizations, think tanks, and financial services. About 45 percent of the activity focused on US interests, 10 percent targeted UK customers, and smaller numbers were in Germany and Canada. In all, customers in 36 countries were targeted.

Reuters, citing a Microsoft spokesman, said that the breach disclosed Friday wasn’t part of Nobelium’s previous successful attack on Microsoft. The company has yet to provide key details, including how long the agent’s computer was compromised and whether the compromise hit a Microsoft-managed machine on a Microsoft network or a contractor device on a home network.

Friday’s disclosure came as a shock to many security analysts.

“I mean, Jesus, if Microsoft can’t keep their own kit clear of viruses, how is the rest of the corporate world supposed to?” Kenn White, product security principal at MongoDB, told me. “You would have thought that customer-facing systems would be some of the most hardened around.”
