Microsoft discovered malware on its networks, adding to the list of companies affected by the hack of the Texas software maker SolarWinds.
Microsoft is users of SolarWinds’ Orion IT resource management platform, which has been updated with malware by hackers. According to Reuters, the company also has products that could be exploited by cybercriminals to further attack its customers. So, on Thursday, December 17, the US National Security Agency even published a security notice describing how certain Microsoft Azure cloud services could be compromised by cybercriminals and redirect users to further block their systems.
“Like other SolarWinds customers, we actively looked for malicious indicators and can confirm that we found SolarWinds malicious files in our environment, which were then isolated and removed,” Microsoft said, adding that the company has not identified any signs of using its systems for attacks on other users.
However, according to knowledgeable sources from Reuters, the hackers did use Microsoft’s cloud services, bypassing its corporate infrastructure.
In the course of its SolarWinds hack investigation, Microsoft identified more than forty of its clients attacked by hackers as part of this malicious operation. Although 80% of affected customers are located in the United States, organizations in seven additional countries have been targeted by attackers: Canada, Mexico, Belgium, Spain, United Kingdom, Israel and the UAE.
The list of victims of a malicious campaign consists not only of government organizations (18%), but also of IT companies (they account for the largest percentage of victims – 44%), non-governmental and scientific organizations (18%), government contractors (9%) and others organizations (11%).
Against the backdrop of these events, Microsoft called for a more effective global strategy to counter cyberattacks, involving the sharing of analytical data, strengthening international norms regulating the irresponsible behavior of government hackers, as well as tougher measures that make states accountable for cyberattacks.