The state-sponsored hackers who breached US software provider SolarWinds earlier this year pivoted to Microsoft’s internal network, and then used one of Microsoft’s own products to launch attacks against other companies, Reuters reported today citing sources familiar with the investigation.
The news comes after the US Cybersecurity and Infrastructure Agency (CISA) published an alert earlier today about the SolarWinds supply chain attack and its impact on government agencies, critical infrastructure entities, and private sector organizations.
CISA said they had “evidence of additional initial access vectors, other than the SolarWinds Orion platform.”
A Microsoft spokesperson took a call earlier today but did not have anything to share before this article’s publication.
Microsoft now joins a list of high-profile entities that have been hacked via a backdoored update for the SolarWinds Orion network monitoring application.
The vast majority of these victims are US government agencies, such as:
- The US Treasury Department
- The US Department of Commerce’s National Telecommunications and Information Administration (NTIA)
- The Department of Health’s National Institutes of Health (NIH)
- The Cybersecurity and Infrastructure Agency (CISA)
- The Department of Homeland Security (DHS)
- The US Department of State
- The National Nuclear Security Administration (NNSA) (also disclosed today)
- The US Department of Energy (DOE) (also disclosed today)
- Three US states (also disclosed today)
- City of Austin (also disclosed today)
The only private company which acknowledged getting hacked via the malware-laced SolarWinds platform is cybersecurity firm FireEye.
Both FireEye and Microsoft were the first security firms to confirm the SolarWinds hack on Sunday, both providing extensive reports of how the breach happened.
Both companies were also involved in an effort to sinkhole the domain used to command and control the malware used in the SolarWinds hack.
This is a developing story.