The breach targeted several US government agencies and is believed to have been carried out by Russian nation-state hackers. Microsoft president Brad Smith warned that the wide-ranging hack of SolarWinds’ Orion IT software is ‘remarkable for its scope, sophistication and impact’.
Smith described the hack as ‘an act of recklessness that created a serious technological vulnerability for the United States and the world’. Smith laid out in no uncertain terms just how large and how dangerous Microsoft believes the hack to be.
The post stops short of explicitly accusing Russia, but the comment is very clear. ‘The weeks ahead will provide mounting and we believe indisputable evidence about the source of these recent attacks,’ Smith said.
Map shows people who had installed versions of the Orion software that contained malware from the hackers. Smith included a map that used telemetry taken from Microsoft’s Defender anti-virus software to show how far-reaching the hack was.
Approximately 80 percent of those customers are located in the US. Microsoft also identified victims in Canada, Mexico, Belgium, Spain, the UK, Israel, and the UAE.
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI) issued a joint statement on Wednesday. Smith warned that ‘we should all be prepared for stories about additional victims in the public sector and other enterprises and organizations’.
Earlier on Thursday, Reuters reported that Microsoft had been hacked as part of the breach. But Microsoft denied that claim in a statement to The Verge: ‘it also had its own products leveraged to further the attacks on others’.
We have been actively looking for indicators of this actor. We have not found evidence of access to production services or customer data. Our investigations have found absolutely no indication that our systems were used to attack others.
Microsoft and a coalition of tech companies seized control of SolarWinds Orion that contained the malware. Microsoft has been responding to the breach since December 13th.
SolarWinds hid a list of high-profile clients from its website. The list included more than 425 of the companies on the Fortune 500.