type here...
Security
Updated:

Microsoft Confirms Breach in SolarWinds Supply Chain Hack

By Sienna Rowley
3
0
Must Read
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. In her free time, she is a modest family woman who loves traveling.

Microsoft has confirmed that their security was breached in the recent SolarWinds attacks however denied that their software was jeopardized in a supply-chain to attack its clients.

Last weekend it was identified that those Russian state-sponsored hackers abused the network of SolarWinds and utilized their auto-update mechanism intending to spread backdoor to customers.

The threat actors used Solarigate (Microsoft) or Sunburst (FireEye) backdoor to infect the infrastructure of about 18,000 clients, including the U.S. Treasury, US NTIA, and the U.S. Department of Homeland Security.

A report was released later which stated that the sources identified that Microsoft was not just compromised in the recent SolarWinds supplychain attack but also had their software altered to spread malicious files to its customers.

In a statement, Microsoft agreed that it discovered trojanized SolarWinds Orion apps in its environment, however, denied the allegation against its clients.

Frank Shaw, the corporate vice president of communications at Microsoft stated that the SolarWinds clients have always been actively watching for signals of this backdoor and can affirm that we identified malicious Solar Winds binaries in our environment, which we separated and discarded. We haven’t observed proof of access to our production services or client data. Our ongoing investigations have found utterly no evidence that our systems were utilized to attack others.

Microsoft joined the list of few high-profile entities that have been hacked through a backdoored update for the SolarWinds Orion network monitoring application.

The high profile entities that were attacked are:

  • The US Treasury Department
  • The US Department of Commerce’s National, Telecommunications and Information Administration (NTIA)
  • The Department of Health’s National Institutes of Health (NIH)
  • The Cybersecurity and Infrastructure Agency (CISA)
  • The Department of Homeland Security (DHS)
  • The US Department of State
  • The National Nuclear Security Administration (NNSA)
  • The US Department of Energy (DOE)
  • Three US states
  • City of Austin

Recently, Microsoft Edge released version Beta 88 that brought in several improvements like a sleeping tab feature, vertical tabs, and some tools to enhance browser cookie management.

Subscribe to our newsletter for the latest security news right from the security and research industries. 

Previous articleBitcoin Surpasses $23,000 Mark To Hit All-Time High
Next articleOneWeb Plans to Offer High-Speed Internet in India by Q2 2022

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News
SecuritySienna Rowley -

DoppelPaymer ransomware operation getting rebranded, now named as Grief (alias Pay or Grief)

Doppel Paymer ransomware operation made a rebranding move. Following a period of little or no activity, now they are back...

More Articles Like This

Category

Links

Stay connected

Newsletter Signup

Copyright © 2021 Cloudhostnews | All rights reserved