What you need to know
- Microsoft identified over 40 of its customers that have been targeted by the SolarWinds supply chain attack.
- More than 80 percent of the identified victims were located in the United States.
- The attack targeted government agencies, security firms, technology firms, government contractors, and more.
Microsoft identified over 40 of its customers that have been targeted by the recent cyberattack that utilized the SolarWinds Orion platform (via ZDNet). Microsoft discovered this information with data from Microsoft Defender. The attacks surfaced last week after security firm FireEye stated that state-sponsored hacking groups used a malware-laced version of SolarWinds Orion, which is a popular network monitor tool for enterprises. SolarWinds shared a press release on the Cyber Attack.
The attacks targeted government agencies and went after security firms, technology firms, government contractors, and more.
SolarWinds explains that the "attack was very sophisticated supply chain attack, which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software." According to SolarWinds, around 18,000 customers installed trojanized updates.
Microsoft president, Brad Smith, outlines the attack and its far-reaching effects in great detail in a blog post. Smith highlights that "This is not 'espionage as usual,' even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world."
Microsoft took several steps this week to protect customers, including seizing the web domain that was used to report information to cyberattackers. Microsoft worked with GoDaddy and FireEye to turn the domain into a kill switch to prevent malware from reporting back and downloading a second-stage payload for attacks.
Reuters initially reported that hackers utilized the attacks to access Microsoft's internal network, but Microsoft issued a statement denying that the attacks were able to access production services or customer data:
Microsoft identified over 40 of its customers targeted by the attack that have been compromised through "additional and sophisticated measures." Microsoft is working to notify these customers. According to Microsoft, roughly 80 percent of the targeted customers are in the United States, but there are also victims in seven other countries; Canada, Mexico, Belgium, Spain, the United Kingdom, Israel, and the UAE. Smith states that "It's certain that the number and location of victims will keep growing."
"We are witnessing an attack by a nation with top-tier offensive capabilities," said FireEye CEO Kevin Mandia in a blog post on the attacks.
Microsoft states that "The attack is ongoing and is being actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft."
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at email@example.com.