Suspected Russian Hackers Targeted Cyber Firm Malwarebytes. The disclosure adds to the ever-growing picture of the compromises associated with the SolarWinds hack. The agency said the attackers demonstrated “sophistication and complex tradecraft.” An illicit account associated with the widespread SolarWinds hack was used to view some of Microsoft’s internal source code, the company disclosed Thursday morning. The company is a customer of SolarWinds Corp., whose software the hackers are believed to have used to gain access to networks by installing malicious code. Malwarebytes said it first learned of the infection from Microsoft on December 15, two days after the SolarWinds hack was first disclosed. First Published: Jan. 22, 2021 at 4:48 p.m.
SolarWinds, based in Austin, Texas, said about 18,000 customers may have installed the compromised software. The U.S. Cybersecurity and Infrastructure Security Agency said previously that the attacks pose “a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.” In its Thursday post, Microsoft says its internal practices start with the assumption that a hacker will gain access in a breach, and work to prevent further infiltration or damage. Major U.S. government agencies are among those impacted. One Microsoft account compromised by suspected Russian hackers had been used … Microsoft has confirmed that it was one of the companies breached in the recent SolarWinds supply chain attack, but the IT giant denied that the nation-state actors compromised its software supply-chain to infect its […] However, the attacks are believed to have been taking place surreptitiously since March. Amid its investigation of its own networks, Microsoft also had 500 employees helping customers monitor and cope with the attack. The tool is meant to help organizations determine if the SolarWinds hackers got into Microsoft 365. Microsoft has been responding to the hack since December 13th, including blocking versions of SolarWinds Orion that contained the malware. The company also reiterated that it has yet to find evidence that hackers accessed live services or customer data, or used Microsoft’s systems to attack others.
Separately, Microsoft said Thursday in a blog post about the broader cyber-attack that it identified and has been working this week to notify more than 40 customers that the hackers targeted more precisely and compromised through additional and sophisticated measures. The hackers were meticulous in covering their tracks. Microsoft says SolarWinds hackers viewed source code, but its defenses thwarted further access. As we said in our recent blog, we believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Like other SolarWinds customers, we have been actively looking for indicators of the Solorigate actor and want to share an update from our ongoing internal investigation. The software giant’s involvement emerged as the wider repercussions of the far-reaching hack became more clear.
Microsoft confirms that it was also breached in the SolarWinds supply chain hack, but ruled out any impact on its customers. After the SolarWinds trojan was delivered to organizations, the attackers spent about a month pinpointing victims, according to Microsoft. Microsoft found code related to that cyber-attack “in our environment, which we isolated and removed,” spokesman Frank Shaw said in a statement posted to his Twitter account. The U.S. nuclear weapons agency and at least three states were also hacked. … The nature of the initial phase of the attack and the breadth of supply chain vulnerability is illustrated clearly in the map below, which is based on telemetry from Microsoft’s Defender Anti-Virus software. Software giant found no sign customers’ data was accessed. Company says the malicious code was isolated and deleted. Microsoft Was Exposed to SolarWinds as Hack Widens. “We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” the post said.
Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers - Microsoft Security. Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, … The sophisticated attacks are believed to be the work of the same Russian hacking group responsible for the 2016 attacks on the Democratic National Committee. An NSA advisory released on 17 December 2020 referenced Microsoft products such as Azure and Active Directory, which the technology giant later confirmed. Microsoft Falls Victim to SolarWinds Hack. Reuters reported Thursday that Microsoft was hacked and that its systems were used to attack other entities, citing people familiar with the matter. Microsoft found code related to … How hacked is hacked? Microsoft has confirmed that they were hacked in the recent SolarWinds attacks but denied that their software was compromised in a supply … “It’s alarming because it is so sophisticated, its reach is so broad and it’s reckless -- it put at risk the technology supply chain for the global economy,” he said. Like with the cyberattack of SolarWinds, hackers … Microsoft has confirmed that the company is a victim of the SolarWinds hack, as the suspected nation-state attack claims another major scalp. Redmond, Washington-based Microsoft has become a significant vendor of cloud and security software and services, including to large government agencies, making its reputation for network protection critical to sales. Microsoft Corp. 
said its systems were exposed to the malware used in the Russia-linked hack that targeted U.S. states and government agencies, adding that investigations so far show the malicious software wasn’t used to attack others and didn’t impact customer data or outward-facing systems. “We have not found evidence of access to production services or customer data.” The U.S. Defense Department has awarded Microsoft a $10 billion cloud-computing contract, which is currently being contested in court by rival bidder Amazon.com Inc. In an advisory Thursday that signaled the widening alarm over the recent breach, the U.S. Cybersecurity and Infrastructure Security Agency said the hackers posed a “grave risk” to federal, state and local governments, as well as critical infrastructure and the private sector. Microsoft was hacked in connection with the attack on SolarWinds’ widely used management software, Reuters reported on Thursday. Microsoft head calls SolarWinds hack 'act of recklessness': What you need to know. Earlier this year, hackers compromised software made by a cybersecurity company you might not have heard of. So far, Microsoft has found “a few instances” of the SolarWinds malware in its computers, but no signs of further encroachment, Microsoft President and Chief Legal Officer Brad Smith said Friday in a Bloomberg Television interview. Any successful cyber-attack on Microsoft, the world’s largest software maker and the second-biggest cloud-infrastructure provider, could damage its standing as a trusted provider of cloud software and security services. Cybersecurity firm Malwarebytes this week revealed that it too was targeted by the SolarWinds hackers — not through SolarWinds software, but by abusing applications with privileged access to Microsoft 365 and Azure environments.
An earlier analysis for GeekWire by Christopher Budd, a security specialist who worked previously in Microsoft’s Security Response Center, found that SolarWinds attackers “have targeted authentication systems on the compromised networks so they can log in to cloud-based services like Microsoft Office 365 without raising alarms.” Based on the information disclosed Thursday by Microsoft, the incident at the company has shifted to Stage II of Budd’s “hack scale,” in which attackers “have moved to the broader network and are in ‘read-only’ mode, meaning they can read and steal data but not alter it.” In this case, the company says, “We have found evidence of attempted activities which were thwarted by our protections, so we want to re-iterate the value of industry best practices such as outlined here, and implementing Privileged Access Workstations (PAW) as part of a strategy to protect privileged accounts.” An ongoing investigation into the SolarWinds hack resulted in Microsoft finding evidence its source code was seen during the course of the campaign being carried out, the company explained. “We are still investigating, to be clear, but we found no indications the attackers were able to go from that point to create vulnerabilities in our products or services,” he said. Hackers were able to infiltrate business and government computer systems by illicitly inserting malware into software updates for a widely used IT infrastructure management product, the SolarWinds Orion Platform. Five new SolarWinds hack victims came to light today. Microsoft now joins a list of high-profile entities that have been hacked via a backdoored update for the SolarWinds … Microsoft has separately made a series of aggressive moves to stymie the attacks, taking steps to safeguard Windows from the hacks, while seizing control of a key domain used in the attacks. SolarWinds is a Microsoft Office 365 customer, and said in a Dec. 
14 regulatory filing that it was “made aware of an attack vector that was used to compromise the Company’s emails and may have provided access to other data contained in the Company’s office productivity tools.” SolarWinds said it was working with Microsoft to investigate whether this attack was associated with the attack on its Orion software build system. Microsoft earnings: The SolarWinds hack may be a good thing for Azure. Last Updated: Jan. 23, 2021 at 11:44 a.m. In its report, Symantec describes how Raindrop was used against one victim. SolarWinds’ customers include government agencies and Fortune 500 companies, according to the company and cybersecurity experts. Cisco Systems Inc. is the latest company targeted in the SolarWinds hack as Microsoft Corp. has discovered a second hacking group that was also targeting SolarWinds' software. The attack on … Microsoft has become ensnared in probes surrounding the colossal U.S. government hack, … The departments of Homeland Security, Treasury, Commerce and State were breached, according to a person familiar with the matter. In a filing with the U.S. Securities and Exchange Commission on Monday, SolarWinds said it believed its monitoring products could have been used to compromise the servers of as many as 18,000 of its customers. Security experts and government officials have said the full scope of the impact isn’t yet clear. “The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. SolarWinds is a Microsoft Office 365 customer and said this week in a regulatory filing that it was “made aware of an attack vector that was used to … Yet the disclosure illustrates that the implications of the incident are still unfolding, more than two weeks after the unprecedented cyberattack began to make headlines.
All told, probably several dozen to several hundred companies and organizations will be found to have been hacked, Smith said. As early as May 2020, the hackers were doing the “real hands-on-keyboard activity” of moving through victim networks for valuable data, Microsoft said. According to SolarWinds, Microsoft, FireEye, and the Cybersecurity and Infrastructure Security Agency (CISA), the attackers compromised a server used to build updates for the SolarWinds … “This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what we’re learning as we combat what we believe is a very sophisticated nation-state actor,” the company said in its post on the Microsoft Security Response Center blog. This identifies customers who use Defender and who installed versions of SolarWinds’ Orion software containing the attackers’ malware. We received information from the Microsoft Security Response Center on December 15 about suspicious activity from a third-party application in our Microsoft Office 365 tenant consistent with the tactics, techniques and procedures (TTPs) of the same advanced threat actor involved in the SolarWinds attacks. Those 40 include institutions in eight countries, Smith said in the interview Friday. Updates to add Microsoft president’s comments on the attacks starting in third paragraph. These accounts were investigated and remediated.” Microsoft says its investigation found that the account was unable to modify any code or engineering systems. SolarWinds Hackers Gain Access To Microsoft’s Source Code.