Hackers compromised Microsoft support agent to launch attacks against customers

News
By
published

Microsoft has called the campaign 'mostly unsuccessful'

Cartoon Phishing
(Image credit: Shutterstock / DRogatnev)

Cybersecurity researchers from Microsoft have shared details about a recent and “mostly unsuccessfully” campaign by state-sponsored actors against several customers.

Security experts at the Microsoft Threat Intelligence Center (MSTIC) note that threat actor Nobelium used an information-stealing malware on the computer of a customer support agent to launch a series of “highly-targeted” attacks.

“This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date,” shared MTIC in a blog post, without going into details about the extent of the compromise.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window <<

Reuters claims Microsoft announced the breach only after it approached the software giant to inquire about a note the Redmond-based company had sent out to affected customers.

Run-of-the-mill espionage

The state-sponsored Nobelium group, thought to be operating out of Russia, is largely believed to be behind the infamous SolarWinds supply chain attack.

Reuters spoke to an unnamed official at the White House, who claimed the latest campaign appeared far less serious than the SolarWinds attack.

"This appears to be largely unsuccessful, run-of-the-mill espionage," the official reportedly told Reuters.

In its blog post, MSTIC shares that Nobelium conducted password spray and brute-force attacks against Microsoft customers to gain access to their networks.

The threat actor targeted customers in three dozen countries, with most of the targets in the US (45%), followed by UK (10%), and smaller numbers in Germany and Canada.

The majority of these were IT companies (57%), followed by government entities (20%), and smaller percentages for non-governmental organizations and think tanks, as well as financial services.  

“This type of activity is not new, and we continue to recommend everyone take security precautions such as enabling multi-factor authentication to protect their environments from this and similar attacks,” MSTIC advised.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Cyber warfare
Microsoft says Russia is hacking Ukrainian military tech by stealing points of entry from third-parties
A red padlock image against a digital map of the earth in blue.
Midnight Blizzard hacking group hijacks RDP proxies to launch malware attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Russia
Major Russian hacking group shifts focus to US and UK targets
Hook on Keyboard
Fake DocuSign and HubSpot phishing emails target 20,000 Microsoft Azure accounts
A computer being guarded by cybersecurity.
Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang &amp; Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
HTC Viverse

The company formerly known as HTC is doubling down on immersive worlds, AI, spatial computing and ... 6G?
See more latest
Most Popular
HTC Viverse
The company formerly known as HTC is doubling down on immersive worlds, AI, spatial computing and ... 6G?
A business woman looking at AI on a transparent screen
Businesses are facing an "AI Divide" - which could be the difference between success and failure
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Apple Vision Pro with Dassault Systèmes 3DEXPERIENCE platform
Dassault Systèmes teams up with Apple to use Vision Pro headsets to bring spatial CAD to life
Samsung 18.1-inch foldable OLED monitor
Samsung has launched a flexible portable monitor complete with a briefcase, one that seems to come straight from a James Bond movie
GenMachine Zhi mini pc
This is the smallest AMD PC I've ever seen: mysterious manufacturer uses Ryzen 3 APU with surprising results
Beelink ME Mini
One of our favorite mini PC vendors has launched a NAS that looks a bit like Apple's PowerMac G4 Cube PC - but way smaller
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Maserati MC20 Autonomous
This AI-driven Maserati just hit 197.7mph without a human behind the wheel