Microsoft Identifies More than 40 Organizations Victims of Cyberattacks
TEHRAN (Tasnim) - Microsoft identified more than 40 of its customers around the world that had problematic versions of a third-party IT management program installed and were the specific target of the alleged Russian hacking campaign disclosed this week, the company said in a blog post on Thursday.
The tech company said that 80% of those victims are in the US, while the remainder are in seven other countries: Mexico, Spain, Canada, Belgium, the UK, Israel and the United Arab Emirates.
“It is a certainty that the number and location of victims will continue to grow,” said Microsoft president Brad Smith, adding that the company has worked to notify affected organizations, CNN reported.
Microsoft’s analysis represents the clearest and most specific assessment yet of the extent of the damage caused by the hacking campaign, which was carried out in secret through a third-party software program sold by SolarWinds, an IT management company.
SolarWinds Orion, the software through which the alleged Russian malware was delivered, has as many as 18,000 global customers, including government agencies, private companies, and other organizations. Microsoft said Thursday that the attack “reached many major national capitals outside of Russia.”
“Unfortunately, the attack represents a comprehensive and successful spy-based assault on both the confidential information of the United States government and the technological tools used by companies to protect it,” Smith wrote. “The attack is ongoing and cybersecurity teams from the public and private sectors, including Microsoft, are actively investigating and addressing it.”
Microsoft has been working as an investigative partner for cybersecurity firm FireEye, which is also a victim and issued the first warning about the supply chain attack.
Previously, FireEye also identified victims in various sectors and countries, including government, consulting, technology, telecommunications and extractive entities in North America, Europe, Asia and the Middle East.
Early Thursday, Reuters reported that Microsoft had also been compromised. The company said it has “isolated and removed” a vulnerability in its systems linked to third-party software that had facilitated an alleged Russian hacking campaign.
Updates to the software sold by SolarWinds were used as a carrier of malicious code that US officials believe may be linked to Russia. That software was found on Microsoft’s network, the company said in a statement Thursday night.
The statement marks Microsoft’s first public acknowledgment that, in addition to investigating the malware, it was also a victim of it.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” the statement said.
Microsoft has found no evidence that an actual data breach occurred or that attackers exploited its access, the company added. The company rejected a Reuters report that suggested Microsoft products had been used to compromise other victims.
“Our investigations, which are ongoing, have found absolutely no indication that our systems have been used to attack others,” Microsoft said.