Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Microsoft

Microsoft Says New Breach Discovered In Probe of Suspected SolarWinds Hackers (reuters.com) 23

An anonymous reader quotes a report from Reuters: Microsoft said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers. The company said it had found the compromise during its response to hacks by a team it identifies as responsible for earlier major breaches at SolarWinds and Microsoft. Microsoft said it had warned the affected customers. "A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions," the warning reads in part. The U.S. government has publicly attributed the earlier attacks to the Russian government, which denies involvement.

After commenting on a broader phishing campaign that it said had compromised a small number of entities, Microsoft said it had also found the breach of its own agent, who it said had limited powers. The agent could see billing contact information and what services the customers pay for, among other things. "The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign," Microsoft said. Microsoft warned affected customers to be careful about communications to their billing contacts and consider changing those usernames and email addresses, as well as barring old usernames from logging in. Microsoft said it was aware of three entities that had been compromised in the phishing campaign. It did not immediately clarify whether any had been among those whose data was viewed through the support agent, or if the agent had been tricked by the broader campaign. Microsoft did not say whether the agent was at a contractor or a direct employee.

This discussion has been archived. No new comments can be posted.

Microsoft Says New Breach Discovered In Probe of Suspected SolarWinds Hackers

Comments Filter:
  • SolarWinds (Score:4, Informative)

    by phantomfive ( 622387 ) on Friday June 25, 2021 @10:46PM (#61522462) Journal

    SolarWinds outsourced their development to eastern Europe, and underpaid their developers. This is a company that is never going to be secure. If you are still using them, it's time to move on.

    • The open-source one will be much better. ;-)

    • On the contrary! Solar Winds is going to have to beef up security in a big way, in order to win customers back. The spotlight has been intense. This was a wake-up call that will result in major improvements, or death for the company. I'd sooner use them now, then two years ago.

      • On the contrary! Solar Winds is going to have to beef up security in a big way, in order to win customers back.

        They are not capable of that.

        This was a wake-up call that will result in major improvements, or death for the company.

        Based on people I've talked to, they are willing to use SolarWinds, even without improvements. Much like the Experian hack, the company will survive unfortunately.

        • On the contrary! Solar Winds is going to have to beef up security in a big way, in order to win customers back.

          They are not capable of that.

          And yet, you provide no alternative that can.

          This was a wake-up call that will result in major improvements, or death for the company.

          Based on people I've talked to, they are willing to use SolarWinds, even without improvements. Much like the Experian hack, the company will survive unfortunately.

          Based on the size of the company and market they command, I'd say the parent is more correct than you are. The spotlight is on them, as opposed to every other vendor still drunk and high on the concept of It'll-never-happen-to-us.

          • And yet, you provide no alternative that can.

            An alternative that is more secure than Solar Winds? Are you kidding me?

            • And yet, you provide no alternative that can.

              An alternative that is more secure than Solar Winds? Are you kidding me?

              Seems a few thousand companies felt they were plenty secure prior to a hack.

              Ignorant companies who still haven't audited their code and assume they're more secure, will learn. Getting knocked down, isn't what matters, because that eventually happens to everyone. Getting back up, is what matters, and I'm simply saying they have plenty of resources to get back up.

              And you still haven't provided an alternative.

              • And you still haven't provided an alternative.

                I literally did in a different post. But I have confident in your search engine skills, also. You can find one. That is something you can do.

                Getting back up, is what matters, and I'm simply saying they have plenty of resources to get back up.

                They don't know how. Security isn't something you can bolt on as an afterthought. That is not a skill they have.

    • SolarWinds outsourced their development to eastern Europe, and underpaid their developers. This is a company that is never going to be secure. If you are still using them, it's time to move on.

      Sounds like what you are saying is that it's time for the government to mandate software development security standards for all the software it uses.

      • I think there is definitely space where we can say "these things should not be done, and if you do them, you are liable." For example, no one should ever write an SQL injection exploit. That's just negligence.

        • Poppycock! How will we be able to protect ourselves from serious threats if we aren't allowed to demonstrate what they are?

  • It seems unlikely that Microsoft claimed the hackers won.

    Slashdot, you've been trolled by a pseudo-journalist who self-identifies as a "fanboy," and writes books about raves.

  • Since these customers including the government still use Microsoft and Solar Winds this is all by design. No one can help those who refuse to help themselves.
  • Microsoft and its customers suffered damage, Microsoft and law enforcement are taking it very seriously.

    This [slashdot.org] however isn't a real leak.

  • Hardly needed. This is MS we are talking about here. You know the company that has messed up IT security time and again and seems to be unable to learn.

    • Asking a company to develop to develop "the" standard for end user accessability when there was no government level equivalent and asking that their product be available to literally "everyone" on the planet? How do you balance that with proven security policies? A properly configured, augmented Microsoft environment is hard to break but you will pay for it.
  • Microsoft slogan since the eighties.

Kiss your keyboard goodbye!

Working...