Microsoft said Thursday that it has found malware in its systems related to a massive hacking campaign exposed by US officials this week, adding a major technology target to a growing list of government agencies that have come under attack.
Microsoft is one of the users of Orion, SolarWinds’ widely used network management software, which has been used in suspected Russian attacks on vital US agencies, among others.
Reuters quoted informed sources as saying that Microsoft’s products were used to attack the victims. On Thursday, the US National Security Agency released a rare cybersecurity advisory statement detailing how hackers infiltrated some Microsoft Azure cloud services, directing users to shut down their systems.
A Microsoft spokesperson said: “Like other SolarWinds customers, we have been actively looking for indications of this breakthrough, and we can confirm that we discovered malicious SolarWinds code in our systems, which we isolated and removed,” adding that the company found “no indications that our systems were being used to attack others.”
One person familiar with the hacking incident said hackers took advantage of Microsoft’s cloud offerings while avoiding the company’s infrastructure. However, another person familiar with the matter said the US Department of Homeland Security did not believe Microsoft was a major vehicle for new infection.
The US Department of Energy also said it had evidence of hackers gaining access to its networks as part of the campaign. The US newspaper Politico had previously reported that the National Nuclear Security Administration, which manages the country’s nuclear weapons stockpile, was targeted in the campaign.
In its Thursday bulletin, the Department of Homeland Security said hackers have used other technologies as well as corrupting SolarWinds’ network management software updates that are used by hundreds of thousands of companies and government agencies.
The Cybersecurity and Infrastructure Security Agency urged investigators not to assume that their organizations are secure if they do not use modern versions of SolarWinds, while also noting that hackers have not exploited every network they have accessed either.
The agency said it continues to analyze other methods used by the attackers. So far, hackers are known to have monitored e-mail or other data within the US defense, state, treasury, homeland security and trade departments.