Alleged Russian hacking wave reached Microsoft: report

SAN FRANCISCO: Microsoft was breached in the massive hacking campaign uncovered by US officials this week, according to people familiar with the matter, adding a top technology target to a growing list of vital government agencies.

The Redmond, Wash., company used SolarWinds’ widely deployed network management software, which was used in the suspected Russian attacks on US and other agencies. Its own products were also leveraged to further the attacks on others, the people said.

Reuters could not immediately determine how many Microsoft users were affected by the tainted products. The Department of Homeland Security, which said earlier Thursday that the hackers used multiple methods of entry, continues to investigate.

Microsoft did not immediately respond to a request for comment.

The FBI and other agencies have scheduled a classified briefing for members of Congress on Friday.

The US Department of Energy also said it has evidence that hackers gained access to its networks as part of a massive cyber campaign. Politico had previously reported that the National Nuclear Security Administration, which manages the country’s nuclear weapons arsenal, was attacked.

A spokeswoman for the Department of Energy said that the malware “has been isolated only on commercial networks” and has not affected the national security of the United States, including the NNSA.

The Department of Homeland Security said in a bulletin Thursday that the spies had used techniques other than corrupting updates to SolarWinds network management software, which is used by hundreds of thousands of businesses and government agencies.

“SolarWinds Orion’s supply chain engagement is not the only initial infection vector that this APT actor exploited,” said DHS’ Cybersecurity and Infrastructure Security Agency, referring to “advanced persistent threat” adversaries.

CISA urged the researchers not to assume that their organizations were secure if they were not using recent versions of the SolarWinds software, and also noted that the hackers did not exploit all the networks they gained access to.

SolarWinds Corp’s banner hangs at the New York Stock Exchange (NYSE) on the day of the company’s IPO in New York, October 19, 2018 (Photo: REUTERS / Brendan McDermid).

CISA said it continues to analyze the other avenues used by the attackers. So far, hackers are known to have at least monitored email or other data within the US Defense, State, Treasury, Homeland Security and Commerce departments.

Up to 18,000 Orion customers downloaded the updates that contained a backdoor. Since the campaign was discovered, software companies have cut communication from those backdoors to computers maintained by hackers.

But the attackers could have installed additional ways to maintain access in what some have called the biggest hack in a decade.

For that reason, officials said security teams must communicate through special channels to ensure their own detection and remediation efforts are not being monitored.

The Department of Justice, the FBI and the Department of Defense, among others, have moved routine communications to classified networks that are not believed to have been breached, according to two people briefed on the measures. They assume that unclassified networks have been accessed.

CISA and private companies, including FireEye, which was the first to discover and reveal that it had been hacked, have released a series of clues for organizations to search to see if they have been attacked.

But the attackers are very careful and have deleted records, electronic fingerprints or the files they have accessed. That makes it difficult to know what has been taken.

Some major companies have issued carefully worded statements saying they “have no evidence” that they were penetrated, but in some cases that may be because the evidence was removed.

On most networks, the attackers could also have created fake data, but so far it appears they were only interested in obtaining real data, people tracking the probes said.

Meanwhile, members of Congress are demanding more information about what could have been taken and how, along with who was behind it. The Homeland Security Committee and the House Oversight Committee announced an investigation Thursday, while senators lobbied to find out if individual tax information was obtained.

In a statement, President-elect Joe Biden said he would “elevate cybersecurity as a government-wide imperative” and would “disrupt and deter our adversaries” from undertaking such major attacks.
