Microsoft has revealed that some of its customer support tools have been accessed by the hacking group Novelium. The hacking group was linked to a separate SolarWinds attack that compromised the computer of a Microsoft customer service representative. Microsoft said Reuters The agent had limited access and could see the services the customer used and their payment contact information and more. According to Microsoft, hackers used information gathered by the tool to launch “highly targeted” attacks against certain Microsoft customers.
Microsoft said the attack was part of a larger Novellium campaign that focused primarily on IT companies and governments around the world. The company said the hacking group’s use of the tool reached affected customers, and Nobelium said it no longer had access to the customer support agents’ devices.
Microsoft has been talking a lot about security, especially when it comes to the upcoming Windows 11. The company is trying to make the case for requiring specific hardware from users for upgrades. Incidents like this one, where a single compromised computer could hasten future attacks for hackers, exemplify Microsoft’s cat-and-mouse game with people trying to breach security.
Updated June 26 at 12:47 PM ET: Clarified that the incident is separate from the SolarWinds attack