Microsoft Says It Found Malicious Software Related to SolarWinds Hack in Its Systems

A Microsoft logo is seen on an office building in New York on July 28, 2015. (Mike Segar/Reuters)
Zachary Stieber
12/18/2020
Updated:
12/18/2020

Microsoft said Thursday that it found malicious software in its system, the same day the Department of Energy confirmed it was breached as part of a wide-ranging cyberattack.

A growing list of companies and government agencies is acknowledging being victims in a hack of the SolarWinds Orion network.

The network was hacked through malware, or malicious software, according to cybersecurity experts.

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” Microsoft said in a statement.

Microsoft declined to comment further.

The company said earlier this week that it was “monitoring a dynamic threat environment surrounding the discovery of a sophisticated attack that included compromised binaries from a legitimate software.”

Microsoft on Sunday sent detections that alerted customers to the presence of the malicious binaries and urged customers to consider any device with the binary as compromised.

The National Security Agency said in a cybersecurity advisory earlier Thursday that hackers could gain access to cloud services like Microsoft Office 365, and use that access to monitor or exfiltrate emails and documents.

The actor or actors behind the hack haven’t been determined, but cybersecurity experts say they have significant backing and stellar capabilities.

“The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them,” Microsoft President Brad Smith said in a blog post on Thursday.

SolarWinds said in a recent filing that up to 18,000 customers may have had the tainted software. The company ignored warnings that its software could be accessed using a simple password.

SolarWinds' approximately 300,000 customers include government agencies and all five branches of the U.S. military, according to a partial customer listing it has since taken offline.

The Department of Homeland Security’s cybersecurity agency said Thursday that the hacking campaign is larger than previously known.

“One of the initial access vectors for this activity is a supply chain compromise of the following SolarWinds Orion products. CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” the Cybersecurity and Infrastructure Security Agency (CISA) said in a statement.

SolarWinds Corp banner hangs at the New York Stock Exchange on the IPO day of the company in New York, on Oct. 19, 2018. (Brendan McDermid/Reuters)
A Department of Energy spokesperson confirmed to The Epoch Times that the agency was hacked.

“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration,” a spokeswoman said in an emailed statement.

The administration is responsible for maintaining the U.S. nuclear weapons stockpile.

A Department of Commerce spokesperson previously told The Epoch Times that the agency was affected by the Orion malware.

Lawmakers, meanwhile, are pushing to learn more about the breach.

Sens. Charles Grassley (R-Iowa) and Ron Wyden (D-Ore.), the chairman and ranking member of the Senate Finance Committee, requested an urgent briefing to find out whether the hack compromised taxpayers’ personal data.

The House Homeland Security and Oversight committees sent a letter to top intelligence and national security officials, including Director of National Intelligence John Ratcliffe, announcing an investigation into the cyberattack and asking for information.

Ratcliffe’s office confirmed Wednesday that the hack has affected federal government networks. It said the FBI is investigating.