Microsoft ensnared in SolarWinds hack; scope of breach grows

Microsoft president Brad Smith warns the SolarWinds hack reveals “an attack that is remarkable for its scope, sophistication and impact.”



Microsoft Corp. said its systems were exposed to the malicious malware used in the SolarWinds hack that targeted several U.S. states and federal agencies.

The Redmond, Washington company is a user of SolarWinds’ Orion IT software which hackers targeted to carry out the wide-ranging cyberattack that ripped through parts of the U.S. government. Once in Microsoft’s network, the company’s products were then used to further the attack on others.

It was not immediately clear how many Microsoft users were affected by compromised products. The Department of Homeland Security said earlier this week that hackers used multiple entry points to carry out one of the most sophisticated and large-scale attacks on American infrastructure.

Microsoft SolarWinds Hack Scandal

Microsoft has been working to notify “more than 40 customers that the hackers targeted more precisely and compromised through additional and sophisticated measures,” said the company’s president Brad Smith.

Microsoft has been working to notify “more than 40 customers that the hackers targeted more precisely and compromised through additional and sophisticated measures,” said the company’s president Brad Smith.

SolarWinds Hack: Scope widens

The United States government continues to face the aftermath of the recent SolarWinds cyberattack. Authorities have expressed concern over the scope of the hack that rattled top federal agencies, including the US Treasury, the energy department and the commerce departments. The hacking campaign is even said to have targeted the agency responsible for the nation’s nuclear weapons stockpile.

In a statement on Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) warned that it will be difficult to eliminate the malware inserted through SolarWinds Orion Network Management Products.

“Removing this threat actor from compromised environments will be highly complex and challenging for organizations,” the agency said.

SolarWinds said earlier this week that up to 18,000 of its more than 300,000 customers had downloaded the trojanized version of its compromised software. Hackers introduced malware into the IT software provider’s popular network safety tool called Orion, which is used by numerous federal agencies and large corporations.

The hack began as early as March, when the malicious code was introduced to Orion. The malware gave the hackers remote access to an organization’s networks, including internal emails. The scope of the hack still remains unclear.

CISA said it was continuing to analyze the other entry methods used by the attackers. The hackers are known to have at least monitored email or other data within the US departments of defense, state, treasury, homeland security and commerce.

The agency did not identify behind the SolarWinds hack but private security companies suspect it could be the work of Russia.

Hours after the CISA alert was issued, the US Energy Department said it had evidence hackers gained access to their networks as part of the SolarWinds hacking spree. The department said the impact has been isolated to business networks and “has not impacted the mission-essential national security functions of the Department, including the National Nuclear Security Administration (NNSA),” which oversees the nation’s stockpile of nuclear weapons.

A wake-up call

Federal authorities and cyber security experts are warning that the incident should serve as a wakeup call for both the government and private sector companies, as foreign elements will conduct similar attacks in the future.

As for Microsoft, Smith said the cyberattack “represents an act of recklessness that created a serious technological vulnerability for the United States and the world.”

We need a more effective national and global strategy to protect against cyberattacks,” he wrote in blog addressing the scope of the SolarWinds breach.

The FBI and other agencies have scheduled a classified briefing for members of Congress Friday.

(Image: Unsplash)

Avatar
Anna Domanska
Anna Domanska is an Industry Leaders Magazine author possessing wide-range of knowledge for Business News. She is an avid reader and writer of Business and CEO Magazines and a rigorous follower of Business Leaders.

Recent Posts

M&As to leverage AI and deep learning post-Covid

M&As to leverage AI and deep learning post-Covid

In a post-COVID-19 world, the role of Mergers and Acquisitions (M&A) will be redefined. Companies striving to defend their existing markets and accelerate recovery are looking
1 day ago
Ryanair posts 1 billion euro annual loss

Ryanair posts 1 billion euro annual loss

Europe’s largest budget airline Ryanair Holdings Plc. has reported a better-than-expected annual post-tax loss of €815m as passenger numbers slumped by 81% to just 27.5 million
1 day ago
IRS and Justice Department investigating crypto exchange Binance

IRS and Justice Department investigating crypto exchange Binance

The US authorities are concerned that cryptocurrencies are being used for illegal transactions, especially on the dark web. Another concern is that Americans who have made fortunes
1 day ago
Hyundai commits $7.4 billion in US investment by 2025

Hyundai commits $7.4 billion in US investment by 2025

South Korea’s Hyundai Motor Co., announced on Thursday it will soon start manufacturing electric vehicles in the United States. The automaker plans to produce EVs, upgrade produc
4 days ago
US inflation report of 4.2 percent raises concerns

US inflation report of 4.2 percent raises concerns

The US reported the highest inflation recorded in the last dozen years at 4.2 percent in April, riding on government stimulus packages, improved energy prices, better spending and
4 days ago
Aon – Willis asset disposal aims to ease approval of $30 billion merger

Aon – Willis asset disposal aims to ease approval of $30 billion merger

Aon Plc and Willis Towers Watson have agreed to sell $3.6 billion worth of assets to rival Arthur J. Gallagher & Co. in a bid to appease European competition regulators over th
5 days ago