From arstechnica.com
![A phone and the wall behind it share a solarwinds logo.](https://cdn.arstechnica.net/wp-content/uploads/2021/06/solarwinds-800x534.jpeg)
The nation-state hackers who orchestrated the SolarWinds supply chain attack compromised a Microsoft worker’s computer and used the access to launch targeted attacks against company customers, Microsoft said in a terse statement published late on a Friday afternoon.
The hacking group also compromised three entities using password-spraying and brute-force techniques, which gain unauthorized access to accounts by bombarding login servers with large numbers of login guesses. With the exception of the three undisclosed entities, Microsoft said, the password-spraying campaign was “mostly unsuccessful.” Microsoft has since notified all targets, whether attacks were successful or not.