Microsoft says it was hit by the SolarWinds cyberattack, but says 'we have not found evidence' that its products or customer data were affected

  • Microsoft said Thursday that it was hit by the sweeping SolarWinds cybersecurity hack, but denied a Reuters report that indicated that its products and services may have been compromised.
  • Reuters reported that Microsoft's services may have been subverted by the attackers in a way that would make the tech titan's customers vulnerable. "We believe the sources for the Reuters report are misinformed or misinterpreting their information, Microsoft said.
  • "We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others," the company also said.
  • However, Microsoft did confirm that it found and removed elements of the SolarWind hack from its own system.
  • Government agencies and companies have been discovering the apparent nation-state attack this week, including reports that the Department of Energy was affected.
  • Visit Business Insider's homepage for more stories.

Microsoft said on Thursday that its systems had been affected by the SolarWinds hack, but denied a report that its services had been subverted to compromise the tech titan's own customers.

Reuters reported earlier on Thursday that Microsoft was swept up in the sweeping SolarWinds cyberattack, making its systems vulnerable to bad actors. Furthermore, Reuters said, the company's own products had been compromised by the attackers, potentially putting customers of Microsoft products like Office 365 or Azure at risk.

In response, Microsoft confirmed that it was affected by the sweeping supply-chain cybersecurity attack stemming from SolarWinds IT software — but categorically denied that customer data or its own products were at risk. "We believe the sources for the Reuters report are misinformed or misinterpreting their information," the company told Business Insider in a statement. 

"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed," Microsoft spokesman Frank Shaw said in an additional statement Thursday afternoon. "We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others."

In a lengthy blog post published Thursday evening, Microsoft President Brad Smith wrote that SolarWinds "is effectively an attack on the United States" and "provides a moment of reckoning." Smith called for "more effective and collaborative leadership by the government and the tech sector."

Microsoft also reiterated what it said in a blog post Sunday: "We also want to reassure our customers that we have not identified any Microsoft product or cloud service vulnerabilities in these investigations." In that same Sunday statement, the company said "we are also actively looking for indicators in the Microsoft environment and, to date, have not found evidence of a successful attack."

Earlier Thursday the Cybersecurity and Infrastructure Security Agency (CISA), the nation's top cybersecurity agency, said in an alert that another cybersecurity company found evidence that the hackers cracked Duo, an authentication tool, to access Microsoft's Outlook email app:

"Volexity has also reported publicly that they observed the APT using a secret key that the APT previously stole in order to generate a cookie to bypass the Duo multi-factor authentication protecting access to Outlook Web App," CISA wrote. 

The attacks, cited by many experts as coming from a nation-state actor such as Russia, have hit a growing list of enterprises this week, including signs of hacks Thursday at the Department of Energy.  

Signup Today: Free Chart of the Day Newsletter from Insider Intelligence

Source: Read Full Article