Microsoft says its systems were exposed by the malicious SolarWinds hack
It is suspected that the hackers used Microsoft Cloud Services. The attackers removed their logs and digital footprints, making them difficult to track.
Microsoft announced Thursday that it had detected a malicious SolarWinds binary in its environment, which has now been isolated and removed. The company also said that Microsoft’s systems were used to hack others.
Microsoft uses Orion, network management software from SolarWinds that is suspected of having been hacked by Russian attackers during their operations against US agencies and others. The list of infected companies is growing, and it now includes a tech giant with Microsoft’s influence.
“Like other SolarWinds customers, we are actively looking for indicators of this actor and can confirm that we have detected contaminated SolarWinds binary in our environment, which we have isolated and removed,” said a Microsoft spokesperson, adding that the company found “no indications that our systems were used to attack others.”
Some people familiar with the matter say that hackers have used Microsoft Cloud services, thus bypassing Microsoft’s corporate infrastructure. The US Department of Energy also has evidence that hackers gained access to its networks. The National Nuclear Security Administration (NNSA), which manages the country’s nuclear arsenal, was also the target of the attack.
The Department of Homeland Security (DHS) also said the attackers tampered with updates to SolarWinds’ Orion network management software, which is used by hundreds of companies and government agencies, and used other tactics as well.
As reported by CISA, about 18,000 Orion subscribers downloaded updates that included a backdoor, as SolarWinds reported. CISA also reported that the attackers could gain access to additional systems, and it has called this one of the biggest hacks of the decade.
The attackers have been careful to remove the logs and digital footprints of the files and systems they accessed. This makes it more difficult to detect what has been hacked. Some large companies report that they have no evidence of hacking, but this can only happen if the evidence has been removed.