Security News > 2021 > June > Attackers Breach Microsoft Customer Service Accounts

The same group behind the SolarWinds supply-chain attacks has been targeting Microsoft's corporate networks to gain access to specific organizations - primarily, U.S.-based IT and government organizations.

Microsoft officially announced the attacks after Reuters obtained an email sent to customers which explained that the threat group Nobelium stole customer-service-agent credentials to gain access and launch attacks against Microsoft customers.

Nobelium is the internal Microsoft name for the group believed to be behind the SolarWinds attacks, which also goes by APT29, Cozy Bear and The Dukes.

The Microsoft Threat Intelligence Team found 45 percent of their customers who were targeted in the attacks are in the U.S. - out of those, 57 percent are IT companies and 20 percent are government agencies.

In addition to password spraying and brute-force attacks, Microsoft said they found info-stealer malware aimed at specific customers.

Erich Kron with KnowBe4 sees this type of attack on the biggest organizations as a sign that attackers are getting more ambitious in picking their victims for the maximum payoff.

News URL

https://threatpost.com/russian-attackers-breach-microsoft/167340/