Microsoft says it was hit by the SolarWinds cyberattack but has not found evidence its products or customer data were affected
Microsofton Thursday said it was hit by the sweeping SolarWindscybersecurity hack, but the company denied a Reuters report indicating its products and services may have been compromised.
- Reuters reported that Microsoft's services may have been subverted by the attackers in a way that would make the tech titan's customers vulnerable. "We believe the sources for the Reuters report are misinformed or misinterpreting their information, Microsoft said.
- Microsoft did confirm that it found and removed elements of the SolarWind hack from its system.
- Government agencies and companies have been discovering the apparent nation-state attack this week, including reports that the Department of Energy was affected.
Microsoft on Thursday said its systems had been affected by the SolarWinds hack but denied a report that its services had been subverted to compromise the tech titan's customers.
Reuters reported earlier Thursday that Microsoft was swept up in the sweeping SolarWinds cyberattack, making its systems vulnerable to bad actors. Furthermore, Reuters said the company's products had been compromised by the attackers, potentially putting customers of Microsoft products like Office 365 or Azure at risk.
In response, Microsoft confirmed it was affected by the sweeping supply-chain cybersecurity attack stemming from SolarWinds IT software - but categorically denied that customer data or its own products were at risk. "We believe the sources for the Reuters report are misinformed or misinterpreting their information," the company told Business Insider in a statement.
"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed," the Microsoft spokesman Frank Shaw said in an additional statement Thursday afternoon. "We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others."
In a lengthy blog post published Thursday evening, Microsoft's president, Brad Smith, wrote that SolarWinds "is effectively an attack on the United States" and "provides a moment of reckoning." Smith called for "more effective and collaborative leadership by the government and the tech sector."
Microsoft also reiterated what it said in a blog post Sunday: "We also want to reassure our customers that we have not identified any Microsoft product or cloud service vulnerabilities in these investigations." In that same Sunday statement, the company said it was "also actively looking for indicators in the Microsoft environment and, to date, have not found evidence of a successful attack."
Earlier Thursday, the
"Volexity has also reported publicly that they observed the APT using a secret key that the APT previously stole in order to generate a cookie to bypass the Duo multi-factor authentication protecting access to Outlook Web App," CISA wrote.
Cybersecurity experts said Microsoft was not necessarily free and clear from any further damage from the SolarWinds intrusion the company says it addressed. "That doesn't mean there isn't a persistent threat actor in there," said Mike Hamilton, the former chief information security officer for Seattle who now holds that role for the incident-response firm CI Security. "They had bad guys in their networks. And it makes sense that they would get hit because they are such a high-value target."
"I would be concerned, considering CISA's note about two-factor authentication related to Microsoft and what they are now reporting that there could be some potential vulnerability," said Frank Downs, a former National Security Agency analyst who is now the director of incident response at the firm BlueVoyant.
The attacks, cited by many experts as coming from a nation-state actor such as Russia, have hit a growing list of enterprises this week, including signs of hacks Thursday at the Department of Energy.
- Billionaire investor Mark Mobius says he's been able to get his money out of China, but investing in the country is still a 'dilemma' amid national security laws
- The Carnival cruise passenger who went overboard and remains missing was on his first cruise and it became his 'happy place,' his fiancée said
- My fiancé and I picked out my engagement ring together before he proposed, and I don't regret missing out on the surprise
- Coal India’s ₹4,000 crore offer for sale subscribed 4x times
- Nvidia's Jensen Huang started with a $10 million failure before shifting gears to become a $1 trillion company
- Meet the top Nifty50 performers in FY23
- Apple to declare the 12-inch MacBook as obsolete on June 30
- Xiaomi 13 Ultra first impressions: Razor sharp camera in a faux leather-back design