Microsoft Corp. said the hackers behind the SolarWinds cyberattack recently compromised a new trio of victims using access to one of the company’s customer support agents.
The hacked portal used by the individual agent contained information for a “small number of customers,” which the attackers used to launch a “highly-targeted” attack,” Microsoft said Friday in a blog post.
The company said it has since removed the attackers and secured the compromised device.
Microsoft didn’t identify the victims, but said it had alerted the hacked entities through its nation-state notification process.
Microsoft’s Threat Intelligence Center attributed the attack to a group called “Nobelium.” That’s the same group of state-sponsored Russian hackers who used sophisticated intrusion techniques in 2020 to infect with malware as many as 18,000 customers of the Texas-based software company, SolarWinds Corp.
Microsoft said Nobelium targeted IT companies, governments, non-profits, think tanks and financial services entities across 36 countries during the recent attack.
“The activity was largely focused on U.S. interests, about 45%, followed by 10% in the U.K., and smaller numbers from Germany and Canada,” the Redmond, Washington-based software maker said in the blog.