SAN FRANCISCO (Reuters) - Microsoft Corp said on Thursday that it had found malicious software in its systems related to a large-scale hacking campaign disclosed this week by U.S. officials, adding a top technology target to the growing list of attacked government agencies.
The Redmond, Washington, company is a user of Orion, the widely deployed network management software from SolarWinds Corp, which was used in the suspected Russian attacks on key U.S. agencies and others.
Microsoft's own products were also leveraged to attack victims, people familiar with the matter said.
“Like other SolarWinds customers, we are actively looking for indicators of this actor, and we can confirm that we have detected malicious SolarWinds binaries in our environment and isolated and removed them. It shows that our system was used to attack others,” said a Microsoft spokeswoman.
One person familiar with the hacking said that the hackers used Microsoft cloud products while avoiding Microsoft’s corporate infrastructure.
Microsoft did not immediately answer questions about this technique.
Still, another person familiar with the matter said the Department of Homeland Security (DHS) did not consider Microsoft to be the primary means of new infections.
Microsoft and the DHS said earlier Thursday that the hackers used multiple intrusion methods, and both are continuing to investigate.
The FBI and other agencies are planning a confidential briefing for members of the House of Representatives on Friday.
The U.S. Department of Energy also said there was evidence of hackers accessing its networks as part of the campaign. Politico previously reported that the National Nuclear Security Administration (NNSA), which controls the country’s nuclear weapons stockpile, was targeted.
A Department of Energy spokeswoman said the malware was “isolated only into the business network” and did not affect US national security, including NNSA.
The DHS said in a bulletin on Thursday that the hackers used other techniques besides corrupting updates of SolarWinds’ network management software, which is used by hundreds of thousands of companies and government agencies.
CISA urged investigators not to assume that their organizations were safe if they did not use the latest version of the SolarWinds software. It also pointed out that the hackers did not exploit every network they accessed.
CISA said it is continuing to analyze the other means used by the attackers. So far, the hackers are known to have monitored email and other data at least within the U.S. Department of Defense, the Treasury, the Department of Homeland Security, and the Department of Commerce.
As many as 18,000 Orion customers downloaded the updates that contained a backdoor, according to SolarWinds. Since the campaign was discovered, software companies have blocked communication from these backdoors to hacker-controlled computers.
However, according to CISA, the attackers may have installed additional ways of maintaining access, in what some have called the biggest hack in 10 years.
The Department of Justice, the FBI, the Pentagon, and others have moved their day-to-day communications to classified networks that appear not to have been breached, according to two people who were briefed on the action. They are assuming that unclassified networks have been accessed, the people said.
CISA and private companies, including FireEye Inc, which first discovered and revealed the hack, have released a series of clues that organizations can look for to see whether they have been attacked.
However, security experts say the attackers were very careful to delete logs, or electronic footprints, showing which files were accessed. That makes it difficult to know what was taken.
Some large companies have stated that there is “no evidence” that they were breached, but in some cases that is simply because the evidence has been removed.
On most networks, the attackers could also have created false data, but so far they seem to have been interested only in obtaining real data, people tracking the probes said.
Meanwhile, members of Congress are asking for more information about what was done and how it was done, and who was behind it. The House Homeland Security Committee and Oversight Committee announced an investigation on Thursday, and senators pressed to know whether personal tax information had been obtained.
In a statement, President-elect Joe Biden said, “It is a government-wide obligation to increase cybersecurity” and “confuse and deter enemies.”
Reporting by Joseph Menn and Chris Bing; editing by Chris Sanders and Christopher Cushing.