Microsoft said an attacker gained access to one of its customer service agents and then used the information to try to hack customers.
The company said it found the breach during its response to breaches by a team it identified as responsible for previous major breaches at SolarWinds and Microsoft.
Microsoft warned the affected customers. A copy of one of the warnings stated that the attacker belonged to the group Microsoft calls Nobelium and that it had access during the second half of May.
The warning notes in part that a sophisticated actor associated with the nation-state, which Microsoft calls Nobelium, accessed customer support tools to review information about Microsoft service subscriptions.
The US government has publicly attributed the previous attacks to the Russian government, which has denied involvement.
After commenting on a broader phishing campaign that it said harmed a small number of entities, the company said it had also discovered the breach of its own agent, who it said had limited powers.
The agent can see billing contact information and the services that customers pay for, among other things.
“The representative has used this information in some cases to launch highly targeted attacks as part of his broader campaign,” the company added.
The software giant warned affected customers to be careful about communications with billing contacts and to consider changing these usernames and email addresses, as well as preventing old usernames from logging in.
Microsoft is dealt a new blow:
Microsoft said it is aware of three entities that were compromised in the phishing campaign.
It did not make clear whether any of them were among those whose data had been viewed through the support agent, or whether the agent had been duped by the broader campaign.
Microsoft did not say whether the agent was a contractor or a direct employee.
A spokesperson said the latest breach by the threat actor was not part of the previous successful Nobelium attack against Microsoft, through which it obtained some source code.
In the SolarWinds attack, the group altered that company's code to gain access to SolarWinds customers, including nine US federal agencies.
The attackers also exploited vulnerabilities in the way Microsoft software is configured, according to the Department of Homeland Security.
Microsoft later said the group hacked into its employees’ accounts and took code that governs how Microsoft verifies users’ identities.