On Friday Microsoft said that an attacker had won the access to one of its customer service agents and then used information from that to launch hacking attempts against its customers.
Microsoft said they had found the compromise during its response to hacks by a team it identifies as responsible for earlier major violation at SolarWinds and Microsoft.
Microsoft said that had warned the all the affected customers about communications to their billing contacts and consider changing those usernames and email addresses.
A copy of one warning seen by the Reuters and said that the attacker belonged to the group Microsoft calls Nobelium and they had access during May. Microsoft said it had also found the violation of its own agent who had limited powers.
Microsoft said that the actor used this information in some cases to launch highly targeted attacks as a part of their broader campaign.
In the SolarWinds attack the group had altered the code in that company to access SolarWinds customers including nine US federal agencies.