Microsoft says some of its customer support tools were accessed by the hacking group Nobelium, which was also connected to the SolarWinds attacks, due to a Microsoft customer service agent’s computer being compromised. Microsoft told Reuters that the agent had limited access, and was able to see things like what services customers used, and their billing contact information. According to Microsoft, the hackers used the info gleaned from the tools to start “highly targeted” attacks on specific Microsoft customers.
The attacks, Microsoft says, were part of a larger Nobelium campaign largely focused on IT companies and governments throughout the world. The company says it’s reached out to the customers who were impacted by the hacking group’s use of the tools, and that Nobelium no longer has access to the customer support agent’s device.
Microsoft has talked about security a lot today, especially in relation to its upcoming Windows 11, as the company tries to make the case for requiring users to have specific hardware in order to upgrade. Incidents like these, where one compromised computer could give hackers a head start on future attacks, are illustrative of the cat-and-mouse game that Microsoft plays with those looking to breach its security.
https://www.theverge.com/2021/6/25/22551193/microsoft-customer-support-tools-solarwinds-hackers-nobelium