{"id":41501,"date":"2021-06-26T03:28:11","date_gmt":"2021-06-26T03:28:11","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/"},"modified":"2021-06-26T03:28:11","modified_gmt":"2021-06-26T03:28:11","slug":"solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/","title":{"rendered":"SolarWinds backdoor gang pwns Microsoft support agent to turn sights on customers"},"content":{"rendered":"<p><span data-label=\"in brief\">In brief<\/span> The SolarWinds backdoor gang last month infiltrated Microsoft&#8217;s support desk via a phishing attack to obtain information to use in cyber-attacks on some of the Windows giant&#8217;s own customers, it was reported.<\/p>\n<p>Redmond said it traced the intrusion to a member of a team it calls <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/05\/28\/solar_winds_attacker_nobelium_returns\/\" rel=\"noopener\">Nobelium<\/a>, the suspected Kremlin-run crew that used tainted SolarWinds Orion updates to snoop on organizations around the world. Russia insists it had nothing to do with that supply-chain attack. And SolarWinds told us this latest caper did not involve its products.<\/p>\n<p>It appears Microsoft was investigating a wider phishing campaign orchestrated by Nobelium when it discovered one of its own support agents had been hooked by the gang, handing the miscreants access to internal tools. 
That worker could view customers&#8217; contact information, lists of their cloud subscriptions, and other records.<\/p>\n<p>Customers whose account information was retrieved by the intruder have been alerted. 
&#8220;A sophisticated nation-state associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions,&#8221; the IT giant told those clients, Reuters <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.reuters.com\/technology\/microsoft-says-new-breach-discovered-probe-suspected-solarwinds-hackers-2021-06-25\/\">reported first<\/a> on Friday.<\/p>\n<p>&#8220;The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.&#8221;<\/p>\n<p>A spokesperson for SolarWinds told us &#8220;the latest cyber-attack reported by Microsoft does not involve our company or our customers in any way.&#8221;<\/p>\n<div class=\"boxout\" readability=\"31.252502780868\">\n<p><b>Mercedes-Benz USA<\/b> this week <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/finance.yahoo.com\/finance\/news\/mercedes-benz-usa-announces-initial-203000696.html\">said<\/a> 1,000 or so customers&#8217; sensitive personal information \u2013 such as credit card, driving license, and social security numbers, and dates of birth \u2013 was accidentally left out in the open on an insecure cloud storage system that has since been fixed. The data was collected from its website between January 2014 and June 2017.<\/p>\n<p>It seems the exposed database had as many as 1.6 million unique records in it, and the majority of those were slightly less sensitive: names, home and email addresses, phone numbers, and some purchased vehicle info.<\/p>\n<p>Earlier this month, Volkswagen and its subsidiary Audi told 3.3m people their personal info <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/response.idx.us\/audivwdataprotect\/#\">had been obtained<\/a> by miscreants after a third-party supplier left the data facing the public internet. 
Again, most of the records were contact information and details of purchased vehicles, and for 90,000 folks, more sensitive info.<\/p>\n<\/div>\n<h3 class=\"crosshead\"> <span>AWS buys Wickr<\/span><br \/>\n<\/h3>\n<p>Amazon Web Services announced on Friday it has bought Wickr, the popular encrypted messaging system, for an undisclosed sum.<\/p>\n<p>Wickr started out as a secure smartphone chat app <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2018\/08\/23\/wickr_slicker_with_fresh_network_tricker\/\" rel=\"noopener\">for NGOs<\/a>, with end-to-end encrypted messages that could be auto-deleted. Then it <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2018\/07\/11\/put_whatsapp_slack_and_admin_privileges_in_a_blender_and_what_do_you_get_wickr\/\" rel=\"noopener\">branched out<\/a> to the desktop, and enterprise versions appeared for on-prem and cloud servers. It&#8217;s also used by the US military and law enforcement, not to mention an <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2015\/10\/09\/australian_prime_minister_runs_private_email_server\/\" rel=\"noopener\">Australian Prime Minister<\/a>.<\/p>\n<p>&#8220;The need for this type of secure communications is accelerating,&#8221; <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/aws.amazon.com\/blogs\/security\/aws-welcomes-wickr-to-the-team\/\">said<\/a> AWS chief information security officer Stephen Schmidt. &#8220;With the move to hybrid work environments, due in part to the COVID-19 pandemic, enterprises and government agencies have a growing desire to protect their communications across many remote locations.<\/p>\n<p>&#8220;Wickr\u2019s secure communications solutions help enterprises and government organizations adapt to this change in their workforces and is a welcome addition to the growing set of collaboration and productivity services that AWS offers customers and partners.&#8221;<\/p>\n<p>Wickr is also popular with some journalists, though one wonders if they&#8217;ll keep using the software seeing as it&#8217;s now owned by a corporation that seems to relish <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.motherjones.com\/politics\/2021\/06\/amazon-journalists-pr-tactics\/\">badgering and nitpicking<\/a> reporters and editors. 
The accountants at Juniper Networks may be happy: the Silicon Valley biz was a seed funder for Wickr, and one assumes it got a good return on its investment from this acquisition.<\/p>\n<h3 class=\"crosshead\"> <span>Mozilla starts Rally for privacy<\/span><br \/>\n<\/h3>\n<p>In a somewhat quixotic move, Mozilla is asking its users to send their data to third parties in the hope that it&#8217;ll one day be better protected.<\/p>\n<p>The scheme, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/blog.mozilla.org\/en\/mozilla\/take-control-over-your-data-with-rally-a-novel-privacy-first-data-sharing-platform\/\">dubbed Rally<\/a>, will let Firefox users install a plugin that lets them share some of their user data and personal information with academics researching how people use the internet and what data they are actually having to share to do so. Users choose how much info they send and to which project, with teams at Princeton and Stanford already signed up to participate.<\/p>\n<p>&#8220;Quantitative research is essential 
for understanding tech policy problems and for holding platforms accountable. Here&#8217;s the problem: methods and data often aren\u2019t adequate,&#8221; <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/jonathanmayer\/status\/1408434900458483717\">said<\/a> Jonathan Mayer, a professor of computer science at Princeton.<\/p>\n<p>&#8220;Platforms could help with these research barriers. But platforms, unsurprisingly, haven\u2019t been very interested in enabling research that examines their own problems and misconduct. Rally doesn\u2019t depend on platform gatekeepers \u2014 it\u2019s entirely independent, powered by users.&#8221;<\/p>\n<p>Moz also released a tool called WebScience for other academics that want to get involved. Now we may actually get some realistic data, if enough people take part.<\/p>\n<h3 class=\"crosshead\"> <span>Cryptomining malware Crackonosh targets gamers<\/span><br \/>\n<\/h3>\n<p>The perils of piracy were highlighted yet again this week, this time in a report on Crackonosh, a malware outbreak among gamers that netted millions in Monero.<\/p>\n<p>The Windows software nasty Crackonosh, Avast <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/decoded.avast.io\/danielbenes\/crackonosh-a-new-malware-distributed-in-cracked-software\/\">said<\/a>, was hidden in cracked versions of popular games like Far Cry 5, NBA 2K19 and, somewhat ironically, Grand Theft Auto V. Once installed, the code shut down any security software it could find, and installed a Monero miner called XMRig, which takes advantage of gamers&#8217; rigs.<\/p>\n<p>&#8220;Crackonosh has been circulating since at least June 2018 and has yielded over $2,000,000 USD for its authors in Monero from over 222,000 infected systems worldwide,&#8221; Avast claimed.<\/p>\n<p>&#8220;As long as people continue to download cracked software, attacks like these will continue to be profitable for attackers. 
The key take-away from this is that you really can\u2019t get something for nothing and when you try to steal software, odds are someone is trying to steal from you.&#8221;<\/p>\n<p>Indeed, booby-trapped games that have had their anti-piracy code filed off have been around for about as long as cracked games themselves.<\/p>\n<h3 class=\"crosshead\"> <span>Oklahoma! where the data goes blowing on the web<\/span><br \/>\n<\/h3>\n<p>The City of Tulsa, Oklahoma, has admitted that files snatched from its police department computers have been released onto the web by extortionists.<\/p>\n<p>Over 18,000 police citations and internal department files were leaked, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cityoftulsa.org\/press-room\/ransomware-update-june-22-tulsa-police-citations-posted-on-dark-web-tulsa-residents-should-take-necessary-precautions\/\">it said<\/a>, and &#8220;out of an abundance of caution, anyone who has filed a police report, received a police citation, made a payment with the City, or interacted with the City in any way where PII was shared,&#8221; should check their bank accounts.<\/p>\n<p>Tulsa got hit by a major ransomware infection on May 6. Mayor G.T. 
Bynum refused to pay up, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.bankinfosecurity.com\/blogs\/ransomware-hit-tulsa-promises-recovery-ransom-paying-p-3047\">saying<\/a>: &#8220;Know that your tax dollars are not going to go into the hands of criminals,&#8221; and vowed the city wouldn&#8217;t pay &#8220;a nickel.&#8221;<\/p>\n<h3 class=\"crosshead\"> <span>Canadian Navy bests the rest in military cyber contest<\/span><br \/>\n<\/h3>\n<p>US Cyber Command&#8217;s annual war games were held this week and, despite America fielding the majority of the players, it was its upstairs neighbor who scooped the top prize.<\/p>\n<p>This year&#8217;s Cyber Flag 21-2, or &#8220;Big Flag,&#8221; contest saw a simulated computer attack on a major logistics facility (sound familiar?) by two adversaries. The 430 military and civilian keyboard warriors from the US, Canada, and UK scored points for thwarting these infections, defending against threats, and shoring up unsafe systems.<\/p>\n<p>\u201cCyber Flag 21-2 tested the best and brightest cyber protection teams. This exercise assessed their tactical cyber skills while collectively improving our cyber resiliency. I\u2019d also like to congratulate the Royal Canadian Navy\u2019s Cyber Protection Team, the winner of this year\u2019s event,\u201d <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cybercom.mil\/Media\/News\/Article\/2671401\/media-advisory-cyber-flag-21-2-winner-announcement\/\">said<\/a> General Paul Nakasone, US Cyber Command commander, presumably through slightly gritted teeth. 
\u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/06\/26\/in_brief_security\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Plus: Amazon gobbles Wickr, automakers cough to privacy blunders, and more In brief\u00a0 The SolarWinds backdoor gang last month infiltrated Microsoft&#8217;s support desk via a phishing attack to obtain information to use in cyber-attacks on some of the Windows giant&#8217;s own customers, it was reported.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-41501","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head_json":{"title":"SolarWinds backdoor gang pwns Microsoft support agent to turn sights on customers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/","og_locale":"en_US","og_type":"article","og_title":"SolarWinds backdoor gang pwns Microsoft support agent to turn sights on customers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-06-26T03:28:11+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YNgNEhGQqzrSHz7@tYCLBwAAABg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"SolarWinds backdoor gang pwns Microsoft support agent to turn sights on customers","datePublished":"2021-06-26T03:28:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/"},"wordCount":1265,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YNgNEhGQqzrSHz7@tYCLBwAAABg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/","url":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/","name":"SolarWinds backdoor gang pwns Microsoft support agent to turn sights on customers 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YNgNEhGQqzrSHz7@tYCLBwAAABg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-06-26T03:28:11+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YNgNEhGQqzrSHz7@tYCLBwAAABg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YNgNEhGQqzrSHz7@tYCLBwAAABg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%
3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-backdoor-gang-pwns-microsoft-support-agent-to-turn-sights-on-customers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"SolarWinds backdoor gang pwns Microsoft support agent to turn sights on customers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=41501"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41501\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=41501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=41501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=41501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}