Microsoft Corp. said hackers, linked by U.S. authorities to Russia’s Foreign Intelligence Service, installed malicious information-stealing software on one of its systems and used information gleaned there to attack its customers.
The hackers compromised a computer used by a Microsoft customer support employee that could have provided access to different types of information, including “metadata” of accounts and billing contact information for the organization, a Microsoft spokesman said.
Microsoft is aware of three customers that were affected by the recent activity, the company said in a blog post.
“The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign,” Microsoft said. “We responded quickly, removed the access and secured the device.”
The incident was part of a broader campaign—which involved other hacking techniques beyond leveraging the information taken from its support system—that primarily targeted technology companies and government agencies in 36 countries.
Most of the attacks were unsuccessful, but three of Microsoft’s customers were compromised during the campaign, the company said. “We have confirmed that two of the compromises were unrelated to the support agent issue, and are continuing to investigate the third instance,” a Microsoft spokesman said.
Microsoft identified the hackers behind the break-in as Nobelium, the same group associated with the sophisticated hack at Austin, Texas-based software maker SolarWinds Corp. U.S. authorities have said this group is part of Russia’s Foreign Intelligence Service, known as the SVR. Russia has denied involvement in the SolarWinds hack. A Russian embassy representative didn’t immediately return a message seeking comment on Microsoft’s blog post.
“This should concern all of us,” said Sherri Davidoff, chief executive of the security consulting firm LMG Security LLC. “Hackers made it past the defenses of one of the world’s most sophisticated technology suppliers, whose software underlies our entire economy.”
The incident marks…