SolarWinds Hackers Continue Assault With a New Microsoft Breach

In a brief statement, Microsoft said that the nation-state hackers responsible for the SolarWinds supply chain attack had compromised a Microsoft worker's computer and used it to launch targeted attacks on the company's customers.

This article originally appeared on Ars Technica, a trusted source of technology news, analysis, reviews and other information. Condé Nast, WIRED's parent company, owns Ars.

Three other entities were also compromised by the hacking group using password-spraying or brute-force methods, in which attackers gain unauthorized access to accounts by bombarding login servers with large numbers of login guesses. Microsoft said that the password-spraying campaign was unsuccessful except against three entities, which it did not disclose.

These discoveries were made as part of Microsoft's ongoing investigation into Nobelium, Microsoft's name for the sophisticated hacking group that used SolarWinds software updates to compromise networks belonging to nine US agencies and 100 private companies. According to the federal government, Nobelium is part of the Russian government's Federal Security Service.

"We also discovered information-stealing malware on the machine of one of our customer service agents. He had access to basic account information for only a few of our customers. This was part of our ongoing investigation," Microsoft stated in a blog post. "This information was used in certain cases by the actor to launch targeted attacks as part of a larger campaign."

Reuters reports that Microsoft disclosed the breach after a reporter asked Microsoft about a notification it had sent to targeted or hacked customers. Microsoft did not mention the infected worker's computer until the fourth paragraph of its five-paragraph post.

Reuters reported that the infected agent could have had access to billing information and customer service data. Microsoft advised affected customers to be cautious about communications with their billing contacts. The news service also reported that Microsoft suggested that they change usernames and email addresses and prohibit old usernames from logging in.

In December, SolarWinds was the victim of a supply chain attack. Nobelium distributed malicious updates to approximately 18,000 SolarWinds customers after hacking into the Austin, Texas-based company. A SolarWinds representative stated in an email that "the latest cyberattack reported by Microsoft does not involve either our company or our customers in any manner."

Nobelium did not infect its targets only through the SolarWinds supply chain attack, but through other routes as well. Malwarebytes, an anti-malware company, has stated that Nobelium infected it through another vector, which the company did not identify. Microsoft and Mimecast, an email management company, have both stated that they were also hacked; Nobelium then used those compromises to attack customers and partners of the companies.

Microsoft stated that the password-spraying was targeted at specific customers, with 57 percent of the victims being IT companies and 20 percent government agencies. The rest were nongovernmental organizations, think tanks and financial services firms. Some 45 percent of the activity targeted US customers, 10 percent targeted the UK, and a smaller share targeted Canada; in all, customers in 36 countries were targeted.

According to Reuters, a Microsoft spokesperson said that Friday's breach was not part of the previous successful attack against Microsoft. The company has not yet provided key details, such as when the agent's computer was compromised and whether it was a Microsoft-managed device on a Microsoft network or an independent contractor's device on a home network.

Many security analysts were shocked by Friday's disclosure.

"I mean, Jesus! If Microsoft can't keep their own computer safe from viruses, then how is the rest?" Kenn White, an independent security researcher, told me. "It would seem that customer-facing systems are the most secure."
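The password spraying described above has a recognisable shape in authentication logs: many accounts, each tried only once or twice from the same source, as opposed to a brute-force attack that hammers a single account. The following is an added example of mine, not code from Microsoft, Ars Technica or any product; it assumes a hypothetical `timestamp source account result` log line format and runs over a constructed sample, classifying each source and listing the accounts a flagged source went on to log into.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed authentication events (not real logs): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2021-06-25T10:00:01Z 203.0.113.7 alice FAIL
2021-06-25T10:00:02Z 203.0.113.7 bob FAIL
2021-06-25T10:00:03Z 203.0.113.7 carol FAIL
2021-06-25T10:00:04Z 203.0.113.7 dave FAIL
2021-06-25T10:00:05Z 203.0.113.7 erin SUCCESS
2021-06-25T10:00:07Z 198.51.100.4 alice FAIL
2021-06-25T10:00:08Z 198.51.100.4 alice FAIL
2021-06-25T10:00:09Z 198.51.100.4 alice FAIL
2021-06-25T10:00:10Z 198.51.100.4 alice FAIL
2021-06-25T10:05:00Z 192.0.2.9 grace FAIL
2021-06-25T10:05:30Z 192.0.2.9 grace SUCCESS
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|SUCCESS)$")  # hypothetical line format

def parse_events(text):
    """Parse lines into (timestamp, source, account, result); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events

def classify_sources(events, min_failures=4, max_per_account=2):
    """A spray spreads at least min_failures over many accounts with at most max_per_account
    tries each; a brute-force attempt concentrates them on one account; anything else is benign."""
    fails = defaultdict(lambda: defaultdict(int))  # source -> account -> failure count
    for _, src, acct, result in events:
        if result == "FAIL":
            fails[src][acct] += 1
    verdicts = {}
    for src, per_acct in fails.items():
        total, peak = sum(per_acct.values()), max(per_acct.values())
        if total >= min_failures and peak <= max_per_account:
            verdicts[src] = "spray"
        elif peak >= min_failures:
            verdicts[src] = "brute_force"
        else:
            verdicts[src] = "benign"
    return verdicts

def compromised_accounts(events, verdicts):
    # Accounts a flagged source later logged into successfully: the alerts to act on first.
    return sorted({acct for _, src, acct, result in events
                   if result == "SUCCESS" and verdicts.get(src) in ("spray", "brute_force")})
```

The thresholds are deliberately conservative; in a real deployment they would be tuned per tenant and the source key would usually be an ASN or user-agent cluster rather than a single IP, since sprays are commonly distributed across many addresses.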