An attacker gained access to a Microsoft customer service agent and used the information gained to launch hacking attempts against customers.
The tech giant said it had warned affected clients about the compromise, which it found during its response to hacks by a team it believes is responsible for earlier breaches at SolarWinds and Microsoft itself.
“A sophisticated nation-state-associated actor that Microsoft identifies as Nobelium accessed Microsoft customer support tools to review information regarding your Microsoft services subscriptions,” Reuters news agency quoted the company as telling affected customers.
The US government has publicly attributed the earlier attacks to the Russian government, which denies involvement.
Microsoft said its hacked agent had permission to see billing contact information and the services customers pay for, among other details.
“The actor used this information in some cases to launch highly targeted attacks as part of their broader campaign,” Microsoft said.
The software provider warned the affected customers to be careful about communications to their billing contacts, and urged them to consider changing those usernames and e-mail addresses and barring old usernames from logging in.
Microsoft added that it was aware that three entities had been compromised in the phishing campaign.