Microsoft Corp (NASDAQ:MSFT) has said that it found malicious software in the company’s systems associated with a hacking campaign that US officials disclosed last week. This adds a leading tech company to the long list of government agencies that have been under attack.
Microsoft Azure cloud offering compromised by hackers
The company uses Orion, a widely deployed networking management software from SolarWinds Corp, which Russian attackers used to hack critical US agencies. According to sources familiar with the matter, the Redmond, Washington-based company has also had its own products employed to attack victims. On Thursday, the US National Security Agency delivered a “cybersecurity advisory” explaining how hackers compromised some of Microsoft Azure’s cloud services. The advisory directed users to secure their systems.
A Microsoft spokesperson said that they established that the company’s systems had not been used to attack others. The spokesperson added that, like most SolarWinds clients, Microsoft has been actively looking at indicators of the actor, and that they detected malicious SolarWinds binaries in their system, which they isolated and removed.
A source familiar with the hacking matter said that the actors used Microsoft cloud services but avoided the company’s corporate infrastructure. Although Microsoft has not responded regarding the technique, a person familiar with the matter indicated that the Department of Homeland Security (DHS) doesn’t see Microsoft as the main avenue for another infection.
Hackers corrupted SolarWinds system
According to DHS and Microsoft, the hackers employed several entry methods that are still being investigated. Among the hacked entities is the US Energy Department, which said that hackers had gained access to its network. Earlier, Politico had reported that the National Nuclear Security Administration (NNSA) was a target for hacking. A spokeswoman for the Energy Department said that they had isolated the malware to the business network only and that US national security, which includes NNSA, had not been impacted.
Interestingly, besides corrupting the SolarWinds network management software, the hackers also employed other techniques. The hackers monitored email and other information within the US departments of State, Defence, Treasury, Commerce, and Homeland Security.