<p>Microsoft said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers.</p>.<p>The company said it had found the compromise during its response to hacks by a team it identifies as responsible for earlier major breaches at SolarWinds and Microsoft.</p>.<p>Microsoft said it had warned the affected customers. A copy of one warning seen by <em>Reuters</em> said that the attacker belonged to the group Microsoft calls Nobelium and that it had access during the second half of May.</p>.<p>"A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions," the warning reads in part.</p>.<p>After <em>Reuters</em> asked about that warning, Microsoft announced the breach publicly.</p>.<p>After commenting on a broader phishing campaign that it said had compromised a small number of entities, Microsoft said it had also found the breach of its own agent, who it said had limited powers.</p>.<p>The agent could see billing contact information and what services the customers pay for, among other things.</p>.<p>"The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign," Microsoft said. </p>
<p>Microsoft said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers.</p>.<p>The company said it had found the compromise during its response to hacks by a team it identifies as responsible for earlier major breaches at SolarWinds and Microsoft.</p>.<p>Microsoft said it had warned the affected customers. A copy of one warning seen by <em>Reuters</em> said that the attacker belonged to the group Microsoft calls Nobelium and that it had access during the second half of May.</p>.<p>"A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions," the warning reads in part.</p>.<p>After <em>Reuters</em> asked about that warning, Microsoft announced the breach publicly.</p>.<p>After commenting on a broader phishing campaign that it said had compromised a small number of entities, Microsoft said it had also found the breach of its own agent, who it said had limited powers.</p>.<p>The agent could see billing contact information and what services the customers pay for, among other things.</p>.<p>"The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign," Microsoft said. </p>