In a statement, Microsoft said it had found a new vulnerability which was exploited by the SolarWinds hackers. The attackers had gained access to one of Microsoft’s customer-service agents and then used information gained from there to launch hacking attempts against customers.
Microsoft discovered the route used by the hackers while responding to hacks by a team it had earlier blamed for major breaches at SolarWinds and on its own servers.
Microsoft has notified the affected customers of the breach. The hacker belonged to a hacking team which Microsoft calls Nobelium.
“A sophisticated Nation-State associated actor that Microsoft identifies as NOBELIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions,” reads a part of the warning.
Earlier, the U.S. government had publicly attributed the SolarWinds hacks to the Russian government, which has denied involvement.
“The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign,” said Microsoft.
Microsoft has warned affected customers to be careful about communications to their billing contacts; it has also told them to consider changing those usernames and email addresses, and to block old usernames from logging in.
So far, three entities have been compromised in the phishing campaign, said Microsoft.
Microsoft’s spokesman also mentioned that the latest breach by the threat actor was not part of Nobelium’s previous successful attack on Microsoft, in which it obtained some source code.
In the SolarWinds attack, the group altered code at that company to access SolarWinds customers, including nine U.S. federal agencies.
According to the Department of Homeland Security, the hackers had also taken advantage of weaknesses in the way Microsoft programs were configured.
In a statement, an official from the White House said the latest intrusion and phishing campaign were far less serious than the SolarWinds hack.
“This appears to be largely unsuccessful, run-of-the-mill espionage,” said the official.
A spokesman for Homeland Security’s Cybersecurity and Infrastructure Security Agency said the agency “is working with Microsoft and our interagency partners to evaluate the impact. We stand ready to assist any affected entities.”
SolarWinds’ spokesperson said, “The latest cyberattack reported by Microsoft does not involve our company or our customers in any way.”