Microsoft ensnared in SolarWinds hack; scope of breach grows

Microsoft president Brad Smith warns the SolarWinds hack reveals “an attack that is remarkable for its scope, sophistication and impact.”



Microsoft Corp. said its systems were exposed to the malicious malware used in the SolarWinds hack that targeted several U.S. states and federal agencies.

The Redmond, Washington company is a user of SolarWinds’ Orion IT software which hackers targeted to carry out the wide-ranging cyberattack that ripped through parts of the U.S. government. Once in Microsoft’s network, the company’s products were then used to further the attack on others.

It was not immediately clear how many Microsoft users were affected by compromised products. The Department of Homeland Security said earlier this week that hackers used multiple entry points to carry out one of the most sophisticated and large-scale attacks on American infrastructure.

Microsoft SolarWinds Hack Scandal

Microsoft has been working to notify “more than 40 customers that the hackers targeted more precisely and compromised through additional and sophisticated measures,” said the company’s president Brad Smith.

Microsoft has been working to notify “more than 40 customers that the hackers targeted more precisely and compromised through additional and sophisticated measures,” said the company’s president Brad Smith.

SolarWinds Hack: Scope widens

The United States government continues to face the aftermath of the recent SolarWinds cyberattack. Authorities have expressed concern over the scope of the hack that rattled top federal agencies, including the US Treasury, the energy department and the commerce departments. The hacking campaign is even said to have targeted the agency responsible for the nation’s nuclear weapons stockpile.

In a statement on Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) warned that it will be difficult to eliminate the malware inserted through SolarWinds Orion Network Management Products.

“Removing this threat actor from compromised environments will be highly complex and challenging for organizations,” the agency said.

SolarWinds said earlier this week that up to 18,000 of its more than 300,000 customers had downloaded the trojanized version of its compromised software. Hackers introduced malware into the IT software provider’s popular network safety tool called Orion, which is used by numerous federal agencies and large corporations.

The hack began as early as March, when the malicious code was introduced to Orion. The malware gave the hackers remote access to an organization’s networks, including internal emails. The scope of the hack still remains unclear.

CISA said it was continuing to analyze the other entry methods used by the attackers. The hackers are known to have at least monitored email or other data within the US departments of defense, state, treasury, homeland security and commerce.

The agency did not identify behind the SolarWinds hack but private security companies suspect it could be the work of Russia.

Hours after the CISA alert was issued, the US Energy Department said it had evidence hackers gained access to their networks as part of the SolarWinds hacking spree. The department said the impact has been isolated to business networks and “has not impacted the mission-essential national security functions of the Department, including the National Nuclear Security Administration (NNSA),” which oversees the nation’s stockpile of nuclear weapons.

A wake-up call

Federal authorities and cyber security experts are warning that the incident should serve as a wakeup call for both the government and private sector companies, as foreign elements will conduct similar attacks in the future.

As for Microsoft, Smith said the cyberattack “represents an act of recklessness that created a serious technological vulnerability for the United States and the world.”

We need a more effective national and global strategy to protect against cyberattacks,” he wrote in blog addressing the scope of the SolarWinds breach.

The FBI and other agencies have scheduled a classified briefing for members of Congress Friday.

(Image: Unsplash)

Anna Domanska
Anna Domanska is an Industry Leaders Magazine author possessing wide-range of knowledge for Business News. She is an avid reader and writer of Business and CEO Magazines and a rigorous follower of Business Leaders.

Recent Posts

Renewable Energy Adoption will Need to Change Gears to Meet Net-Zero

Renewable Energy Adoption will Need to Change Gears to Meet Net-Zero

Renewable energy adoption pace is good, but it is still falling short of meeting net zero emission rate, says the latest International Energy Agency’s (IEA) annual report. Higher
7 hours ago
America is Losing its Appetite for Plant-Based Meat

America is Losing its Appetite for Plant-Based Meat

Most meat in 2040 will not come from animals, says report. However, the recent decline in sales of plant-based meat fell by 1.8 percent compared to the year before, taking declines
1 day ago
Fusion startup raises $1.8 billion to give us unlimited clean energy

Fusion startup raises $1.8 billion to give us unlimited clean energy

Commonwealth Fusion Systems secures more than $1.8 billion in Series B funding to commercialize fusion energy. The funding round was led by Tiger Global Management with participati
2 days ago
Omicron might push inflation, says OECD

Omicron might push inflation, says OECD

The latest Coronavirus variant, Omicron, which is believed to be more transmissible and severe, might derail growth and recovery and raise costs, according to the Organization for
2 days ago
Who is Parag Agrawal, Twitter’s new CEO?

Who is Parag Agrawal, Twitter’s new CEO?

Indian-born Parag Agrawal took over as the CEO of Twitter as co-founder Jack Dorsey stepped down for the second time in his career. Agrawal is the fourth person to take the reins a
3 days ago
Goldman Sachs rolls out paid leave for pregnancy loss

Goldman Sachs rolls out paid leave for pregnancy loss

Goldman employees are now eligible for 20 days of paid leave for a miscarriage or stillbirth. The investment banking giant is also increasing its retirement fund matching contribut
3 days ago