Hackers behind the colossal SolarWinds cyberattack have targeted Microsoft again, this time using brute-force and password-spraying attacks to gain access to users’ Microsoft accounts.
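The two techniques named above leave different footprints in sign-in telemetry: brute force hammers one account with many guesses, while password spraying tries one or two common passwords against many accounts, often from a single source, and then logs in cleanly to whichever account accepted them. The following detection logic is an added example, not code from this article or from Microsoft. It runs over a handful of constructed sign-in records (hypothetical users, RFC 5737 documentation IPs); the field layout loosely follows the Azure AD sign-in log, where error code 50126 means "invalid username or password" and 0 means success. Thresholds and the time window are assumptions to be tuned per tenant.

```python
"""Flag password-spray and brute-force patterns in sign-in records."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real telemetry). Columns:
# timestamp,userPrincipalName,ipAddress,errorCode
#   50126 = invalid username or password (Azure AD), 0 = success.
# 203.0.113.10: one password against five accounts, then a successful
#               sign-in for a sixth account -> spray with a hit.
# 198.51.100.7: six failures against a single account -> brute force.
# 192.0.2.44:   one typo followed by a success -> benign, must not fire.
SAMPLE_LOG = """\
2021-06-24T10:00:01Z,alice@example.org,203.0.113.10,50126
2021-06-24T10:00:09Z,bob@example.org,203.0.113.10,50126
2021-06-24T10:00:17Z,carol@example.org,203.0.113.10,50126
2021-06-24T10:00:25Z,dave@example.org,203.0.113.10,50126
2021-06-24T10:00:33Z,erin@example.org,203.0.113.10,50126
2021-06-24T10:00:41Z,frank@example.org,203.0.113.10,0
2021-06-24T10:02:00Z,grace@example.org,198.51.100.7,50126
2021-06-24T10:02:03Z,grace@example.org,198.51.100.7,50126
2021-06-24T10:02:06Z,grace@example.org,198.51.100.7,50126
2021-06-24T10:02:09Z,grace@example.org,198.51.100.7,50126
2021-06-24T10:02:12Z,grace@example.org,198.51.100.7,50126
2021-06-24T10:02:15Z,grace@example.org,198.51.100.7,50126
2021-06-24T10:30:00Z,heidi@example.org,192.0.2.44,50126
2021-06-24T10:31:00Z,heidi@example.org,192.0.2.44,0
"""


def parse_log(text):
    """Parse CSV sign-in lines into dicts with a datetime and an int code."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, ip, code = line.split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user.lower(),
            "ip": ip,
            "code": int(code),
        })
    return events


def detect(events, window=timedelta(minutes=10),
           min_spray_accounts=5, min_bruteforce_attempts=5):
    """Slide a time window over each source IP's failed sign-ins.

    Spray:       >= min_spray_accounts distinct accounts fail inside one window.
    Brute force: one account fails >= min_bruteforce_attempts times in a window.
    For any flagged IP, also report accounts that signed in successfully from
    that IP after the first failure: that is the likely compromise.
    Thresholds are assumptions; tune them to the tenant's baseline.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["code"] != 0]
        patterns, accounts = set(), set()
        j = 0  # left edge of the sliding window
        for i, cur in enumerate(failures):
            while cur["ts"] - failures[j]["ts"] > window:
                j += 1
            per_user = Counter(e["user"] for e in failures[j:i + 1])
            if len(per_user) >= min_spray_accounts:
                patterns.add("password_spray")
                accounts.update(per_user)
            if max(per_user.values()) >= min_bruteforce_attempts:
                patterns.add("brute_force")
                accounts.update(u for u, n in per_user.items()
                                if n >= min_bruteforce_attempts)
        if not patterns:
            continue
        first_failure = failures[0]["ts"]
        successes = sorted({e["user"] for e in evs
                            if e["code"] == 0 and e["ts"] >= first_failure})
        findings[ip] = {
            "patterns": sorted(patterns),
            "accounts": sorted(accounts),
            "successes": successes,
        }
    return findings


if __name__ == "__main__":
    for ip, f in detect(parse_log(SAMPLE_LOG)).items():
        print(ip, f["patterns"], "hit:" if f["successes"] else "no hit",
              ", ".join(f["successes"]))
```

The success-after-failures field is what turns a noisy "many failures" alert into a triage lead: a spray that ends in a valid sign-in is the case Microsoft's notification process is for. Keying on source IP alone is a simplification; real sprays are slow (a guess or two per account per day) and rotated across many addresses, so production logic also groups by ASN, user agent or application ID and uses windows of hours rather than minutes.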
SolarWinds Hackers at it again:
This is the second time Microsoft has directly encountered the SolarWinds hackers; the first was back in February, when the threat actors compromised the tech giant’s network and viewed source code for products and services such as Azure, Intune, and Exchange.
According to the Microsoft Threat Intelligence Center, the new campaign by the SolarWinds threat actors has been mostly unsuccessful: Microsoft’s analysis concluded that the majority of targets were not compromised.
To date, only three successfully compromised entities have been identified by the tech giant, which has not disclosed their names.
“All customers that were compromised or targeted are being contacted through our nation-state notification process,” states Microsoft.
News agency Reuters first came across the development and brought it to Microsoft’s attention.
The latest campaign of the SolarWinds hackers has mainly targeted IT organizations, government and non-government agencies, think tanks, and financial services firms.
Reportedly, about 45% of the targets were in the U.S. and about 10% in the U.K., with smaller numbers in Germany and Canada.
Microsoft tracking malicious activities:
Microsoft tracks the SolarWinds adversary as Nobelium; the wider security community tracks the same group under the designations APT29, UNC2452 (FireEye), SolarStorm (Unit 42), StellarParticle (CrowdStrike), Dark Halo (Volexity), and Iron Ritual (Secureworks).
Microsoft’s Threat Intelligence Center also detected information-stealing malware on a machine belonging to one of its own customer-support agents. That system had access to basic account information for a small number of customers.
The investigation is still underway; what has emerged so far is that the stolen customer information was used to launch highly targeted attacks as part of the wider campaign.
Microsoft says it promptly secured the infected device.
The new developments come a month after Nobelium’s previous campaign, in which the group targeted more than 150 organizations around the globe by abusing a compromised USAID account at the mass email marketing service Constant Contact to send phishing emails that deployed backdoors capable of stealing sensitive information.