Microsoft says it found malicious Solar Winds software on its systems

Microsoft said Thursday it found malicious software in its systems linked to a massive hacking campaign released by US officials this week, adding a top technology target to a growing list of attacked government agencies.

The Redmond, Washington company uses Orion, SolarWinds’ widely used network management software that was used in the alleged Russian attacks on key US authorities and others.

Microsoft also used its own products to attack victims, according to those familiar with the matter.

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we have discovered harmful Solar Winds binaries in our environment that we have isolated and removed,” said a Microsoft spokesman, adding that the company found “no” evidence that our systems were used to attack others. “

One of the people familiar with the Hacking Spree said that the hackers had used Microsoft cloud offerings and avoided Microsoft’s corporate infrastructure.

Microsoft didn’t immediately respond to questions about technology.

Another person familiar with the matter said the Department of Homeland Security (DHS) didn’t think Microsoft was a major avenue for new infections.

Both Microsoft and DHS, who said the hackers used multiple input methods earlier Thursday, are still investigating.

The FBI and other agencies have scheduled a classified briefing for members of Congress on Friday.

The US Department of Energy also said it had evidence that hackers gained access to its networks as part of the campaign. Politico had previously reported that the National Nuclear Security Administration (NNSA), which manages the country’s nuclear weapons stocks, has been targeted.

A Department of Energy spokeswoman said malware is “restricted to corporate networks only” and has no impact on US national security, including the NNSA.

The DHS said in a bulletin Thursday that the hackers used techniques other than corrupting SolarWinds updates to network management software used by hundreds of thousands of businesses and government agencies.

CISA urged investigators not to assume that their organizations are safe if they are not using the latest versions of SolarWinds software, pointing out that the hackers were not exploiting every network they had access to.

CISA said it would continue to analyze the other avenues used by the attackers. So far, it is known that the hackers have at least monitored e-mails or other data in the US Departments of Defense, State, Treasury, Homeland Security and Commerce.

According to SolarWinds, up to 18,000 Orion customers downloaded the updates, which included a backdoor. Since the campaign was discovered, software companies have cut communications from these backdoors to the computers being maintained by the hackers.

However, according to CISA, the attackers may have installed additional ways to maintain access in what some have dubbed the biggest hack in a decade.

The Department of Justice, the FBI and the Department of Defense, among other things, have moved routine communications to classified networks that are believed not to have been harmed, according to two people who were briefed on the measures. They assume the unclassified networks have been accessed, people said.

CISA and private companies, including FireEye, which was the first to discover and reveal that it was hacked, have released a series of leads that companies must look for to see if they have been hit.

But the attackers are very careful and deleted logs or electronic footprints or the files they accessed, security experts said. That makes it hard to know what was taken.

Some large corporations have stated that they have “no evidence” that they invaded, but in some cases it may only be because the evidence has been removed.

On most networks, the attackers would have been able to create fake data as well, but so far they only seem interested in getting real data, said the people tracking the probes.

In the meantime, members of Congress are calling for more information on what and how may have been recorded and who is behind it. The House Homeland Security Committee and Oversight Committee announced an investigation Thursday while the Senators pressed to see whether individual tax information was obtained.

In a statement, President-elect Joe Biden said he would “increase cybersecurity as a commandment across the government” and “disrupt and discourage our adversaries” from carrying out such major hacks.

© Thomson Reuters 2020

Is the MacBook Air M1 the portable beast of a laptop you’ve always wanted? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, Download the episodeor just hit the play button below.


Source link :