Microsoft has confirmed that it was one of the companies affected by the recent SolarWinds supply chain attack, but the IT giant denies that the nation-state actors compromised its software supply chain to infect its customers.
Last week, Russian-linked hackers breached SolarWinds and used trojanized updates to the SolarWinds Orion commercial software to distribute the backdoor tracked as SUNBURST, which Microsoft tracks under a different name.
The company notified about 33,000 Orion customers of the incident, but argued that the number of customers using the compromised version of the product could be fewer than 18,000.
Microsoft was also compromised in the SolarWinds supply-chain attack, allowing the hackers to tamper with its software to distribute malware to its customers, according to a Reuters report citing anonymous sources familiar with the investigation.
“Like SolarWinds’ web management software, Microsoft’s own products were then used to further attack others,” the person said, according to Reuters.
“It’s not clear how many Microsoft users are affected by these contaminated products.”
Basically, the report states that Microsoft was itself the victim of a supply chain attack, which the company denies.
Microsoft issued the following statement in response to the media report.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we have detected, isolated and deleted malicious SolarWinds binary files in our environment. We have not found evidence of access to production services or customer data. Our ongoing investigation found no evidence that our systems had been used to attack others.”
Frank Shaw, Microsoft’s vice president of communications, confirmed that the company detected multiple malicious SolarWinds binary files in its environment, but ruled out any impact on the company’s customers.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning that an advanced persistent threat (APT) actor has been compromising U.S. government agencies, critical infrastructure entities and private sector organizations since at least March 2020. The APT actor that carried out the attack demonstrated patience, operational security and sophisticated techniques during these intrusions.