Posted on June 29, 2021 at 2:40 PM
Microsoft’s Investigation Of SolarWinds Attack Reveals New Breach
Months after the SolarWinds hack that affected several top companies, the last has not been heard about the incident. In a recent revelation, Microsoft said it has discovered another breach connected to the SolarWinds hacking incident.
The tech giant has been actively involved in an investigation into the infamous hacking incident. According to Microsoft, the nation-state threat actors that carried out the supply chain attack infiltrated a computer of a Microsoft employee and used that access to launch targeted attacks against its customers.
The threat actors also infiltrated three entities with brute-force and password-spraying techniques to gain unauthorized access to accounts. They bombarded login servers with large numbers of login attempts.
Although the password-spraying campaign succeeded in infiltrating those three entities, Microsoft said the campaign was largely unsuccessful.
However, the tech giant has since warned all targets to be wary of any irregularities on their systems.
The discovery came as Microsoft was investigating the so-called Nobelium, linked with the highly technical hacking group that orchestrated the SolarWinds hack. The incident compromised the networks of 9 US agencies as well as 100 private companies.
Nobelium tied to Russian Security Service
According to the U.S. government, Nobelium is part of the Federal Security Service of the Russian government.
“The actor used this information in some cases to launch highly targeted attacks as part of their broader campaign,” Microsoft added.
The tech giant says it disclosed the breach after a reporter from one of the news outlets asked the firm about the notification it sent to the hacked or targeted customers.
The document revealed by Microsoft shows that the infected agent had some level of access to the services the customers paid for, as well as access to billing information.
The company has advised customers to be wary of communications asking for their billing contacts. It also asked them to consider changing their email addresses and usernames, as well as to bar any old usernames from logging into their accounts.
That way, any threat actor that has possession of the old account details will not have access to the account.
57% of SolarWinds attacks were on IT companies
SolarWinds suffered a supply chain attack in December last year. The attackers infiltrated the Texas-based firm and took control of its software build infrastructure. The threat actors later delivered malicious mails and updates to 18,000 SolarWinds customers.
However, a SolarWinds spokesperson has commented on the latest breach discovered at Microsoft, stating that it doesn’t involve SolarWinds.
“The latest cyberattack reported by Microsoft does not involve our company or our customers in any way,” the spokesperson stated.
But the SolarWinds attack was not the only method the Nobelium threat actors used to infiltrate their targets. Anti-malware firm Malwarebytes also revealed that the hackers infiltrated part of its systems, although it was via a different vendor that the firm did not name.
Email management provider Mimecast and Microsoft also stated that they were victims of the Nobelium attack, which used the vulnerabilities to penetrate the companies’ partners or customers.
In Microsoft’s attack, the password-spraying campaign targeted specific customers, with 20% being government organizations and 57% IT companies. The remaining percentage was shared among financial services, think tanks, and non-governmental organizations.
The report also revealed that 45% of the attacks were on U.S. organizations while 10% targeted U.K. customers. The threat actors also targeted customers from Canada and Germany, although in small numbers. In total, the report revealed that the threat actors targeted customers in 36 countries.
Microsoft’s dependent security exposed
A Microsoft spokesperson also stated that the Friday breach is not part of the previous attacks on Microsoft. The tech giant has not yet provided any details on the extent of the attack or how long the attackers succeeded in remaining within the targeted system. Some security experts have expressed shock at how the hackers were able to penetrate Microsoft, considering the embarrassment of riches in security resources the company has.
An independent security researcher, Kenn White, stated that it’s surprising that Microsoft’s security system can be compromised by threat actors. He stated that the incident means the security systems of most companies are not safe.