Microsoft says its systems were exposed in a malicious SolarWinds hack

Updated on 18-Dec-2020
HIGHLIGHTS

The Orion update had a backdoor installed in it.

Attackers have deleted their logs and digital footprints that make it harder to track them.

It is suspected that hackers made use of Microsoft cloud services.

Microsoft on Thursday announced that it had detected malicious SolarWinds binaries in its environment, which have since been isolated and removed. The company also stated that it had found no indication that its systems were used to attack others.

Microsoft uses Orion, network management software from SolarWinds that is suspected to have been compromised by Russian attackers during their intrusion into US agencies and other organizations. The list of affected agencies and companies grows day by day, and Microsoft is now among the tech giants confirmed to be affected.

"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed," a Microsoft spokesperson said, adding that the company had found "no indications that our systems were used to attack others."

Some people familiar with the matter said that the hackers made use of Microsoft's cloud services, thereby avoiding Microsoft's corporate infrastructure. The US Energy Department also has evidence that the hackers gained access to its networks. The National Nuclear Security Administration (NNSA), which manages the country's nuclear weapons stockpile, was also targeted in the attack.

The Department of Homeland Security (DHS) also stated that the attackers used techniques beyond corrupting updates of SolarWinds' Orion network management software, which is used by hundreds of companies and government agencies.

According to CISA, almost 18,000 Orion customers downloaded the updates that SolarWinds reported as containing the backdoor. CISA also notes that the attackers may have gained access to additional systems, and calls this one of the biggest hacks of the decade.

The attackers were careful to delete logs and other digital footprints on the files and systems they accessed, which makes it much harder to identify what was compromised. Some major companies report that they have no evidence of the hack, but it may simply be that the evidence was eradicated.

Daksh Khorana

A tech wanderer, with a craving for the newest tech in the alpha stage.
