Various organizations are grappling with the impact of a massive hacking campaign that compromised networks using SolarWinds’ Orion network management tools, and now Microsoft says it found “malicious binaries” on its systems. As Reuters reports, the NSA sent out a cybersecurity advisory on Thursday that specifically referenced Microsoft products like Azure and Active Directory as tools the attackers targeted to gain access to other resources.
In a statement, Microsoft confirmed it had found “malicious binaries” on its systems from the attacks, but found no access that anyone had accessed production services or customer data. Reuters also reported a source saying Microsoft cloud offerings were used by hackers in the attacks, but Microsoft claimed it has not found any evidence of that. ZDNet points out that an alert from US Cybersecurity and Infrastructure Agency (CISA) said the agency had evidence of “additional access vectors” beyond the Orion platform and the backdoor it contained, dubbed Sunburst or Solarigate. CISA said it’s continuing to investifate.