Microsoft Confirms Breach in SolarWinds Supply Chain Hack

Must Read
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. In her free time, she is a modest family woman who loves traveling.

Microsoft has confirmed that their security was breached in the recent SolarWinds attacks however denied that their software was jeopardized in a supply-chain to attack its clients.

Last weekend it was identified that those Russian state-sponsored hackers abused the network of SolarWinds and utilized their auto-update mechanism intending to spread backdoor to customers.

The threat actors used Solarigate (Microsoft) or Sunburst (FireEye) backdoor to infect the infrastructure of about 18,000 clients, including the U.S. Treasury, US NTIA, and the U.S. Department of Homeland Security.

A report was released later which stated that the sources identified that Microsoft was not just compromised in the recent SolarWinds supplychain attack but also had their software altered to spread malicious files to its customers.

In a statement, Microsoft agreed that it discovered trojanized SolarWinds Orion apps in its environment, however, denied the allegation against its clients.

Frank Shaw, the corporate vice president of communications at Microsoft stated that the SolarWinds clients have always been actively watching for signals of this backdoor and can affirm that we identified malicious Solar Winds binaries in our environment, which we separated and discarded. We haven’t observed proof of access to our production services or client data. Our ongoing investigations have found utterly no evidence that our systems were utilized to attack others.

Microsoft joined the list of few high-profile entities that have been hacked through a backdoored update for the SolarWinds Orion network monitoring application.

The high profile entities that were attacked are:

  • The US Treasury Department
  • The US Department of Commerce’s National, Telecommunications and Information Administration (NTIA)
  • The Department of Health’s National Institutes of Health (NIH)
  • The Cybersecurity and Infrastructure Agency (CISA)
  • The Department of Homeland Security (DHS)
  • The US Department of State
  • The National Nuclear Security Administration (NNSA)
  • The US Department of Energy (DOE)
  • Three US states
  • City of Austin

Recently, Microsoft Edge released version Beta 88 that brought in several improvements like a sleeping tab feature, vertical tabs, and some tools to enhance browser cookie management.

Subscribe to our newsletter for the latest security news right from the security and research industries. 

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

DoppelPaymer ransomware operation getting rebranded, now named as Grief (alias Pay or Grief)

Doppel Paymer ransomware operation made a rebranding move. Following a period of little or no activity, now they are back...

More Articles Like This