Microsoft Confirms Finding Compromised SolarWinds Code In Its Systems

Attacks on information systems are very frequent. And no target is too impressive for hackers. They compete in ingenuity and resources. Even giants like Microsoft can be affected.

Many organizations today are busy assessing the impact of a massive hacking campaign that compromised networks using SolarWinds’ Orion network management tools. Today, Microsoft confirms that it has discovered “malicious binaries” in its systems. As Reuters reports, a set of NSA cybersecurity experts specifically identified Microsoft, Azure and Active Directory products as tools targeted by hackers to gain access to other resources.

Microsoft confirms that it has found SolarWinds malicious code in its systems

In a statement, Microsoft today confirms that it has discovered “malicious binaries” in its systems since these attacks but no evidence that anyone has accessed production services or personal personal data . Reuters also reports statements from a source saying that Microsoft’s cloud offerings were used by hackers for their attacks, but again Microsoft says it has found no evidence for these claims. ZDNet also specifies that an alert from the US Cybersecurity and Infrastructure Agency (CISA) claimed that the agency had evidence of “additional access vectors” beyond the Orion platform and the backdoor that it contained, called Sunburst or Solarigate. The CISA declares that it is continuing its investigation.

but no proof of access to production services or personal data

According to the Microsoft statement: “Like other SolarWinds customers, we have actively looked for indicators of this player and can confirm that we have detected malicious SolarWinds binaries in our environment, binaries that we have isolated and removed. We could not find any evidence of access to production services or personal data. Our investigations, which are continuing as of this writing, have yielded no evidence that our systems could have been used to attack others. ”

Before issuing this press release, Microsoft President Brad Smith published a lengthy post regarding “the need for a strong and comprehensive cybersecurity response” and stated that his company works with more than 40 clients “that attackers have targeted precisely and compromised via sophisticated additional measures. ” The man has a clear focus on the coming administration and what he considers necessary to manage threats of country-level attacks on computer systems.

Leave a Comment