Microsoft Finds Malicious Code In Its Systems After SolarWinds Compromise

The trail of destruction following the SolarWinds Orion compromise by suspected Russian hackers earlier this week continues to widen.

The ‘supply chain’ cyberattack resulted in a number of key US government departments being hacked, with concern the attack allowed a foreign power (namely Russia) to monitor American government communication.

Internal email traffic at the US Treasury and US Commerce departments was compromised, and the US Energy Department has now also said it has evidence hackers gained access to its networks as part of the campaign.

SolarWinds compromise

Even worse, it has been reported that the US National Nuclear Security Administration (NNSA), which manages the country’s nuclear weapons stockpile, was also targeted.

Microsoft admitted on Thursday that it found malicious software in its systems, signalling that the cyberattack against government agencies has well and truly expanded to top technology firms.

Microsoft is a known user of Orion, the widely deployed networking management software from SolarWinds.

Microsoft had its own products leveraged to attack victims, people familiar with the matter told Reuters.

The US National Security Agency issued a “cybersecurity advisory” Thursday detailing how certain Microsoft Azure cloud services may have been compromised by hackers and directing users to lock down their systems.

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson was quoted by Reuters as saying.

Hack fallout

Redmond said that it had found “no indications that our systems were used to attack others.”

One of the people familiar with the hacking spree said the hackers made use of Microsoft cloud offerings while avoiding Microsoft’s corporate infrastructure.

Microsoft did not immediately respond to questions about the technique.

The FBI and other agencies have scheduled a classified briefing for members of Congress Friday, Reuters reported, underlining the seriousness of the compromise of SolarWinds, whose software is used by many government departments.

The hackers installed a backdoor in the update process of SolarWinds, but the concern is that the attackers might have installed additional ways of maintaining access in compromised systems.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
