Microsoft says it found malicious software on its systems




SAN FRANCISCO: Microsoft Corp said Thursday that it found malicious software on its systems related to a massive hacking campaign disclosed by US officials this week, adding a major technology target to a growing list of targeted government agencies.

The Redmond, Wash., company is a user of Orion, SolarWinds Corp’s widely deployed network management software, which was used in suspected Russian attacks on vital US and other agencies.

Microsoft’s own products were also leveraged to target victims, people familiar with the matter said. The US National Security Agency issued a rare “cybersecurity advisory” on Thursday detailing how certain Microsoft Azure cloud services may have been compromised by hackers and ordering users to lock down their systems.

“Like other SolarWinds customers, we have been actively looking for indicators from this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed,” said a Microsoft spokesperson, adding that the company found “no indications that our systems were used to attack others.”

One of the people familiar with the hacking wave said hackers made use of Microsoft’s cloud offerings and bypassed Microsoft’s corporate infrastructure.

Microsoft did not immediately respond to questions about the technique.

Still, another person familiar with the matter said the Department of Homeland Security (DHS) does not believe Microsoft is a key avenue for a new infection.

Both Microsoft and DHS, which on Thursday said hackers used multiple entry methods, are continuing to investigate.

The FBI and other agencies have scheduled a classified briefing for members of Congress on Friday.

The US Department of Energy also said it has evidence that hackers gained access to its networks as part of the campaign. Politico had previously reported that the National Nuclear Security Administration (NNSA), which manages the country’s nuclear weapons arsenal, was attacked.

A spokeswoman for the Department of Energy said that the malware “has been isolated only on commercial networks” and has not affected the national security of the United States, including the NNSA.

The DHS said in a bulletin Thursday that the hackers had used techniques other than corrupting updates to SolarWinds network management software, which is used by hundreds of thousands of businesses and government agencies.

CISA urged researchers not to assume that their organizations were secure if they were not using recent versions of the SolarWinds software, while noting that hackers did not exploit every network they gained access to.

CISA said it was continuing to analyze the other avenues used by the attackers. So far, hackers are known to have at least monitored email or other data within the US Defense, State, Treasury, Homeland Security and Commerce departments.

Up to 18,000 Orion customers downloaded the updates that contained a backdoor, SolarWinds said. Since the campaign was discovered, software companies have cut communication from those backdoors to computers maintained by hackers.

But the attackers could have installed additional ways to maintain access, CISA said, in what some have called the biggest hack in a decade.

The Department of Justice, the FBI and the Department of Defense, among others, have moved routine communications to classified networks that are not believed to have been breached, according to two people briefed on the measures. They are assuming unclassified networks have been accessed, the people said.

CISA and private companies, including FireEye Inc, which was the first to discover and reveal that it had been hacked, have released a series of leads for organizations to search for to see if they have been attacked.

But the attackers are very careful and have deleted records, electronic fingerprints or the files they have accessed, security experts said. That makes it difficult to know what has been taken.

Some major companies have said they “have no evidence” that they were penetrated, but in some cases that may be because the evidence was removed.

On most networks, the attackers could also have created fake data, but so far it appears they were only interested in obtaining real data, people tracking the probes said.

Meanwhile, members of Congress are demanding more information about what could have been taken and how, along with who was behind it. The Homeland Security Committee and the House Oversight Committee announced an investigation Thursday, while senators lobbied to find out if individual tax information was obtained.

In a statement, President-elect Joe Biden said he would “elevate cybersecurity as a government-wide imperative” and would “disrupt and deter our adversaries” from undertaking such major attacks.

(Reporting by Joseph Menn and Chris Bing; Editing by Chris Sanders and Christopher Cushing)
