Cybercriminals recently attacked the IT provider SolarWinds in order to send malicious software updates to around 18,000 customers and gain backdoor access to their networks. However, the hackers were selective in which customers they targeted.
Among the customers targeted in the hack were Microsoft; the Department of Energy; the National Nuclear Security Administration, which maintains the nation's nuclear weapons stockpile; and several other U.S. governmental agencies.
Microsoft stated that it has identified other victims of the breach and has notified more than 40 customers who were targeted and "compromised through additional and sophisticated measures."
Eighty percent of these notified victims were in the U.S.; 44 percent were in the information technology sector; and 18 percent were in government.
The president of Microsoft said the hack was an "attack on the United States and its government and other critical institutions." According to The Washington Post, the U.S. suspects a Russian state-sponsored hacking group called Cozy Bear is behind the breach.
Although Reuters reported that the hackers exploited Microsoft's tool to attack other victims, Microsoft stated that its ongoing investigations "have found absolutely no indications that our systems were used to attack others." It said that it "isolated and removed" malicious SolarWinds binaries before the malware infection caused any major damage. The statement also claimed that there was no evidence the hackers accessed production services or customer data.
The full scope of the breach is not yet known. New evidence suggests the hackers used a variety of tactics to access their targets' networks, meaning they may have done more than just spy on the U.S. government.
Source: Michael Kan, "Microsoft Hit by SolarWinds Breach, Says It 'Isolated and Removed' the Malware," pcmag.com (Dec. 18, 2020).