Security News > 2021 > June > Nobelium hackers accessed Microsoft customer support tools
Microsoft says they have discovered new attacks conducted by the Russian state-sponsored Nobelium hacking group, including a hacked Microsoft support agent's computer that exposed customer's subscription information.
During the investigation into the attacks, Microsoft also detected an information-stealing trojan on a Microsoft customer support agent's computer that provided access to "Basic account information" for a limited number of customers.
Nobelium used this customer information in targeted phishing attacks against Microsoft customers.
Microsoft reported these attacks after Reuters obtained an email sent to affected customers warning them that the threat actors gained access to information about their Microsoft Services subscriptions.
"A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions," read the Microsoft email obtained by Reuters.
The Nobelium hacking group, also known as APT29, Cozy Bear, and The Dukes, has been attributed to the recent SolarWinds supply chain attack that compromised numerous US companies, including Microsoft, FireEye, Cisco, Malwarebytes, Mimecast, and various US government agencies.
News URL
Related news
- A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)