Microsoft Discovers New Breach Through SolarWinds Attack

Share post:

Microsoft said an attacker gained access to one of its customer service representatives and then used information from it to launch hacking attempts against customers.

Microsoft found the vulnerability during its response to hacks by a team that identified it as responsible for previous hacks at SolarWinds and Microsoft.

Reportedly, the attacker belonged to the Nobelium group and had broken through the system in the second half of May.

Microsoft said it had warned affected customers.

In addition, Microsoft also found the breach of its own agent, who was able to view billing contact data and which services customers were paying for, among other things.

Microsoft warned affected customers to be vigilant when communicating with their billing contacts, change usernames and email addresses, and prohibit old usernames from logging in.

Microsoft said that it knew of three companies that had been compromised as part of the phishing campaign.

A White House official said the recent hacking and phishing campaign was far less serious than the SolarWinds fiasco.

For more information, read the original story in Reuters.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Cyber Security Today, Feb. 19, 2024 – Fake police data breach notification fools Maine’s AG site

This episode reports a recent fake data breach report and two real ones, a man pleads guilty to being involved in malware distribution

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways