Latest in Gear

Image credit: VCG via Getty Images

Microsoft confirms it found compromised SolarWinds code in its systems

Microsoft says it has not found evidence hackers breached customer data or used its systems to attack others.
Richard Lawler, @Rjcc
December 18, 2020
364 Shares
Share
Tweet
Share

Sponsored Links

SHANGHAI, CHINA - JUNE 06: A man walks past a logo of Microsoft outside an office building at Shanghai Caohejing Hi-Tech Park on June 6, 2020 in Shanghai, China. (Photo by Chen Yuyu/VCG via Getty Images)
VCG via Getty Images

Various organizations are grappling with the impact of a massive hacking campaign that compromised networks using SolarWinds’ Orion network management tools, and now Microsoft says it found “malicious binaries” on its systems. As Reuters reports, the NSA sent out a cybersecurity advisory on Thursday that specifically referenced Microsoft products like Azure and Active Directory as tools the attackers targeted to gain access to other resources.

In a statement, Microsoft confirmed it had found “malicious binaries” on its systems from the attacks, but found no access that anyone had accessed production services or customer data. Reuters also reported a source saying Microsoft cloud offerings were used by hackers in the attacks, but Microsoft claimed it has not found any evidence of that. ZDNet points out that an alert from US Cybersecurity and Infrastructure Agency (CISA) said the agency had evidence of “additional access vectors” beyond the Orion platform and the backdoor it contained, dubbed Sunburst or Solarigate. CISA said it’s continuing to investifate.

Microsoft:

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”

Prior to issuing the statement Microsoft president Brad Smith wrote a long post about “the need for a strong and global cybersecurity response,” and said his company is working with more than 40 customers “that the attackers targeted more precisely and compromised through additional and sophisticated measures.” His focus appears to be on the incoming presidential administration, and what he considers necessary to deal with the threat of nation-state attacks on computer systems.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
364 Shares
Share
Tweet
Share

Popular on Engadget

Presenting the Best of CES 2021 winners!

Presenting the Best of CES 2021 winners!

View
The Morning After: Your smartwatch might detect signs of COVID-19 before you do

The Morning After: Your smartwatch might detect signs of COVID-19 before you do

View
Synthetic cornea helped a legally blind man regain his sight

Synthetic cornea helped a legally blind man regain his sight

View
Scientists may have found the background ripples of the universe

Scientists may have found the background ripples of the universe

View
Samsung’s 870 Evo boosts the performance of entry-level SSDs

Samsung’s 870 Evo boosts the performance of entry-level SSDs

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr