Microsoft claims hackers breached its networks through the SolarWinds exploit

Microsoft reported that its servers and at least 40 customer organizations have been hit by a recent state-level attack in which hackers weaponized updates of SolarWinds Orion to target organizations worldwide.

Brad Smith, President of Microsoft, said in a strongly worded blog post on Thursday that the cyber attack was "a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them" and that a strong global cybersecurity response is needed to counter such an attack.

Smith's statement came after Microsoft acknowledged in a brief comment that it was itself not immune to the cyber attack. There is, however, no proof that the hackers behind the attack accessed the organization's production systems or customer data.

"We have been actively finding indicators from this player, and like other SolarWinds customers, we can confirm that malicious SolarWinds binaries have been found, isolated and deleted in our setting.

"No evidence of access to manufacturing services or consumer information has been identified. There is absolutely no proof that our programs have been used to attack other businesses through our current investigations," the company said.


Smith said the attack creates an almost global supply-chain vulnerability touching several large national capitals outside Russia, and agreed with FireEye CEO Kevin Mandia that the cyber attack was carried out by a country with top offensive capabilities.

Using malware to trojanize the SolarWinds Orion platform software updates was just a first vector for the hackers to gain access to company IT systems. Because Orion software, with more than 33,000 customers in total, is used by government agencies, businesses and critical infrastructure companies around the world, the attackers were able to target a thousand organizations.

However, the attackers did not execute secondary attacks against every organization that downloaded the trojanized software updates. Instead, they selected, from within the victim organizations, the ones they wanted to target further in a narrower and more concentrated way. At least 40 of Microsoft's customers were targeted more precisely and compromised through additional sophisticated steps.

Although the attackers are said to have targeted specific government departments, including the Pentagon, the State Department, the Department of Homeland Security, the U.S. Treasury and the Department of Commerce, Microsoft's study has shown that 44% of targeted organizations are within the IT market, 18% are think tanks or NGOs, 18% are public organizations and 9% are government contractor organizations.

"This is not 'espionage as usual,' even in the digital age, but it is a reckless act that creates a major technical weakness for the U.S. and the world," Smith said in the blog post, "which is important if we take the whole issue of how these attacks are relevant in its entirety."

"In essence, this is not only an assault on individual targets, but on the trust and reliability of the vital infrastructure of the world to advance the intelligence agency of a single nation. While the recent attack seems to represent a particular emphasis on the US and many other democracies, it also strongly reminds us that people in virtually all countries are vulnerable and need a solution."

Smith added that it would take an unprecedented degree of cooperation between the private and public sectors, as well as democratic governments which are regularly targeting authoritarian countries with powerful cyber tools, to protect themselves against these sophisticated supply-chain attacks.

It will take many parties; however, perhaps most significantly, it must begin with an understanding that governments and the technology industry need to act together. It will be crucial to ensure that we have a better and more efficient national and global approach to defending against cyber attacks.

"Where authoritarian countries are threatening the world's democracies, the exchange of knowledge and best practice and cooperation on cybersecurity, but also protective steps and responses, are more critical than ever for democratic governments to cooperate.

"Today, the technology infrastructure, from data centres to fiber optic cables, is mostly owned and operated by private companies, which are not only a large part of the infrastructure which needs to be secured, but also the area surface where new cyberattacks are usually first found."

Hundreds Likely Hit by SolarWinds Hack: Microsoft's Smith
A suspected Russian cyber attack struck a number of federal government agencies and, it is believed, gained access to corporate networks by installing malicious code in a widely used software program from SolarWinds Corp. Microsoft Corp. said that its systems were also exposed as part of the attack. Microsoft President and Chief Legal Officer Brad Smith discusses the attack.