SolarWinds cyberattack affects thousands of Microsoft users

Microsoft has just confirmed that it was affected by the recent SolarWinds hack, although it ruled out a supply chain compromise to infect its customers. A few days ago it was reported that a hacking group allegedly sponsored by the Russian government managed to compromise the mechanism of updating a SolarWinds product to install a backdoor among users.

The attack is related to malware identified as Solarigate or SUNBURST, which would have been injected into the networks of more than 18,000 organizations worldwide. A post-release report from Microsoft states that the company was affected by the attack on the supply chain, plus hackers managed to modify the software for the distribution of malicious files.

Microsoft confirmed that malicious SolarWinds binaries were detected in its environments, although the company made it clear that its users were not compromised: “We have remained attentive to the detection of engagement indicators; the detected malicious binaries were isolated and removed as soon as possible.” Among the victims of the SolarWinds attack are multiple U.S. government organizations, including:

  • National Telecommunications and Information Administration (NTIA)
  • U.S. Department of State
  • National health infrastructure
  • Cybersecurity and Infrastructure Security Agency (CISA)
  • Department of Homeland Security (NHS)
  • Department of Energy (DOE)
  • National Nuclear Safety Administration (NNSA)
  • Three U.S. states that were not specified

The network management products developed by SolarWinds are used by organizations around the world, so the cybersecurity community expects the number of victims to grow in the coming days.