Microsoft Corp. was violated as part of the massive hack that used a backdoor into SolarWinds software, as part of what the tech giant’s president called “ basically an attack on the United States. ”
Reuters reported on Thursday that after infiltrating Microsoft, hackers used its products to attack others.
While Microsoft MSFT,
officials confirmed the breach, denying the products were used to promote the hack.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we have detected malicious SolarWinds binaries in our environment, which we have isolated and removed,” said Microsoft spokesperson Frank Shaw said on Twitter. “We have found no evidence of access to production services or customer data. Our ongoing investigations have found absolutely no evidence that our systems were being used to attack others. ”
In a blog post Thursday, Microsoft President Brad Smith said, “This latest cyberattack is in fact an attack on the United States,” calling the hack “a moment of reckoning.”
The hack, first reported on Sunday, is arguably the most widespread and most harmful to have ever hit the US. grave. “
About 18,000 companies – including the vast majority of S&P 500 SPX,
corporations and US government agencies, such as Treasury and Commerce, were victims of the malware. SolarWinds SWI,
said Thursday it has already patched the software vulnerability. The Wall Street Journal reported on Thursday that the hackers were extremely covert and used never-before-seen hacking tools. The government and businesses are still figuring out how much information has been compromised.
Smith said Microsoft’s cybersecurity team agrees with FireEye FEYE’s conclusions,
CEO Kevin Mandia, who said a nation-state was most likely behind the attack. Russia is the prime suspect.
“The attack unfortunately represents a widespread and successful espionage attack on both the confidential information of the US government and the technical tools that companies use to protect them,” said Smith.
Smith warned that the attack is “underway” and said at least seven other countries have been affected, including Canada, the UK, Spain, Israel and the UAE. “It is certain that the number and location of victims will continue to grow,” he said.
“This is not ‘espionage as usual’, even in the digital age,” said Smith. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world. In fact, this is an attack not only on specific targets, but also on the trust and reliability of the world’s critical infrastructure. ”
He called for a strong, coordinated global response to cyber attacks, from both the private and public sectors, and made countries responsible for cyber attacks.
“We live in a more dangerous world, and it requires a stronger and more coordinated response,” Smith wrote.