Microsoft latest victim of SolarWinds hacker attack with over 40 customers compromised. ‘This is not “espionage as usual,” even in the digital age’
We’ve been covering the cyber attack on SolarWinds Orion products over the past two days. As we learned more about its impact, it became clear the hack was widespread. Late last night, Microsoft confirmed it was a victim of attacks resulting from vulnerabilities tied to software from SolarWinds.
In what the tech giant called a moment of reckoning, Microsoft said over 40 of its customers had their networks infiltrated by hackers following the SolarWinds supply chain attack after they installed backdoored versions of the Orion IT monitoring platform. Microsoft said 80 percent of the affected customers are from the United States.
The final weeks of a challenging year have proven even more difficult with the recent exposure of the world’s latest serious nation-state cyberattack. This latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms. It illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous.
“This is not ‘espionage as usual,’ even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” Microsoft said in a blog post.
At this point, no one knows for sure if this is just the beginning of a global-scale cyberattack on the United States by state-sponsored actors. Reuters, citing people familiar with the matter, reported that Microsoft products were leveraged to attack victims. One U.S. federal official, speaking on condition of anonymity, also said the hack was severe and extremely damaging. “This is looking like it’s the worst hacking case in the history of America,” the official said. “They got into everything.”
Microsoft president Brad Smith also added that the nation-ranging hack of SolarWinds’ Orion software is still “ongoing,” and that investigations reveal “an attack that is remarkable for its scope, sophistication, and impact.”
To further illustrate the nature of the initial phase of the attack and the breadth of supply chain vulnerability, Microsoft included a map that used telemetry taken from Microsoft’s Defender Anti-Virus software.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said, adding that the company had found “no indications that our systems were used to attack others.”
On Monday, we wrote about SolarWinds after the company told the SEC that about 18,000 of its customers were compromised for 6 months in the hack of its Orion software.