Microsoft has identified more than 40 of its customers around the world that had installed the problematic versions of a third-party IT management program and were specifically targeted in a hacking campaign by alleged Russian hackers that came to the forefront last week, the software giant said in a blog post.
About 80 per cent of those identified companies were based in the United States while the rest were spread across Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
“It’s a certainty that the number and location of victims will keep growing,” said Microsoft President Brad Smith, adding that the company was notifying the affected organizations.
Microsoft’s analysis provides the clearest and most specific assessment yet of the scope of the damage resulting from the hacking campaign. The analysis indicated that the campaign was conducted secretly through a third-party software program sold by the IT management company SolarWinds.
Orion, the SolarWinds software that the suspected Russian hackers used to deliver the malware, has been sold to as many as 18,000 customers globally, including a number of government agencies and departments, private firms and other entities.
The attack “reached many major national capitals outside Russia”, Microsoft said.
“The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them,” Smith wrote. “The attack is ongoing and is being actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft.”
The cyber security company FireEye, which was also a target of the cyber attack and was the first to issue a warning about the supply chain attack, is working jointly with Microsoft on the investigation.
FireEye had also previously identified victims of the hacking campaign across several sectors and countries, including government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.
There were media reports on Thursday about Microsoft being affected by the cyber attack as well.
Microsoft said it had “isolated and removed” the vulnerability in its systems related to the third-party software used in the suspected Russian hacking campaign.
According to US officials, the suspected Russian hackers delivered the malicious code through updates to the software sold by SolarWinds. Microsoft said in its statement that the software was found in the company’s network.
The statement, Microsoft’s first public acknowledgment of the attack, made it evident that the company was also a victim of the cyber attack, in addition to investigating the malware.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” the statement said.
(Adapted from CNN.com)