SolarWinds backdoor gang pwned Microsoft support agent to turn sights on customers


The spies who backdoored SolarWinds’ Orion software infiltrated Microsoft’s support desk systems last month and obtained information to use in cyber-attacks on some of the Windows giant’s customers, it was reported.

Redmond said it traced this latest intrusion to a member of a team it calls Nobelium, the suspected Kremlin-run crew that used tainted Orion updates to snoop on organizations around the world. Russia insists it had nothing to do with the supply-chain attack on SolarWinds.

Microsoft customers targeted by the support desk intruder have been alerted. The caper was detected during what sounds like an investigation into a wider phishing campaign that, as it turned out, hooked a Microsoft support agent, who had access to customers’ contact information, lists of their cloud subscriptions, and other records.

Read more…