SAN FRANCISCO: Microsoft Corp said on Thursday it found malicious software in its systems related to a massive hacking campaign disclosed by U.S. officials this week, adding a top technology target to a growing list of attacked government agencies.
The Redmond, Washington company is a user of Orion, the widely deployed networking management software from SolarWinds Corp which was used in the suspected Russian attacks on vital U.S. agencies and others.
Microsoft also had its own products leveraged to attack victims, said people familiar with the matter. The U.S. National Security Agency issued a rare “cybersecurity advisory” Thursday detailing how certain Microsoft Azure cloud services may have been compromised by hackers and directing users to lock down their systems.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said, adding that the company had found “no indications that our systems were used to attack others.”
One of the people familiar with the hacking spree said the hackers made use of Microsoft cloud offerings while avoiding Microsoft’s corporate infrastructure.
Microsoft did not immediately respond to questions about the technique.
Still, another person familiar with the matter said the Department of Homeland Security (DHS) does not believe Microsoft was a key avenue of fresh infection.
Both Microsoft and the DHS, which earlier on Thursday said the hackers used multiple methods of entry, are continuing to investigate.
The FBI and other agencies have scheduled a classified briefing for members of Congress Friday.
The U.S. Energy Department also said it has evidence hackers gained access to its networks as part of the campaign. Politico had earlier reported the National Nuclear Security Administration (NNSA), which manages the country’s nuclear weapons stockpile, was targeted.
An Energy Department spokeswoman said malware “has been isolated to business networks only” and has not impacted U.S. national security, including the NNSA.
The DHS said in a bulletin on Thursday the hackers had used other techniques besides corrupting updates of network management software by SolarWinds which is used by hundreds of thousands of companies and government agencies.
CISA urged investigators not to assume their organizations were safe if they did not use recent versions of the SolarWinds software, while also pointing out that the hackers did not exploit every network they gained access too.
CISA said it was continuing to analyze the other avenues used by the attackers. So far, the hackers are known to have at least monitored email or other data within the U.S. departments of Defense, State, Treasury, Homeland Security and Commerce.
As many as 18,000 Orion customers downloaded the updates that contained a back door, SolarWinds has said. Since the campaign was discovered, software companies have cut off communication from those back doors to the computers maintained by the hackers.
But the attackers might have installed additional ways of maintaining access, CISA said, in what some have called the biggest hack in a decade.
The Department of Justice, FBI and Defense Department, among others, have moved routine communication onto classified networks that are believed not to have been breached, according to two people briefed on the measures. They are assuming that the non-classified networks have been accessed, the people said.
CISA and private companies including FireEye Inc, which was the first to discover and reveal it had been hacked, have released a series of clues for organizations to look for to see if they have been hit.
But the attackers are very careful and have deleted logs, or electronic footprints or which files they have accessed, security experts said. That makes it hard to know what has been taken.
Some major companies have said they have “no evidence” that they were penetrated, but in some cases that may only be because the evidence was removed.
In most networks, the attackers would also have been able to create false data, but so far it appears they were interested only in obtaining real data, people tracking the probes said.
Meanwhile, members of Congress are demanding more information about what may have been taken and how, along with who was behind it. The House Homeland Security Committee and Oversight Committee announced an investigation Thursday, while senators pressed to learn whether individual tax information was obtained.
In a statement, President-elect Joe Biden said he would “elevate cybersecurity as an imperative across the government” and “disrupt and deter our adversaries” from undertaking such major hacks.
KATHMANDU, JANUARY 21 The National Human Rights Commission urged the government to take effective steps to ensure justice to Ganga Maya Adhikari and protect her life. Issuing a statement today, NHRC spokesperson Dr Tikaram Pokharel reiterated the call to implement the agreements reached in the Read More...
KATHMANDU, JANUARY 21 Oil Corporation has provided jobs to two women who survived acid attack. The NOC provided the job for one year under its corporate social responsibility. The beneficiaries are Pabitra Karki from Okhaldhunga and Basanti Pariyar from Nawalparasi. They were provided jobs Read More...
Physical attacks on journalists, rights activists continue to undermine civic space KATHMANDU, JANUARY 21 CIVICUS, the World Alliance for Citizen Participation, has called on UN member states to urge the Government of Nepal to double its efforts to protect civic freedom as its human rights recor Read More...
KATHMANDU, JANUARY 21 Implementation Protocol was signed between Nepal and Israel today for implementation of the agreement related to temporary employment of Nepali workers in the labour market of Israel. At a programme held at the Ministry of Labour, Employment and Social Security today, Dir Read More...
RAJBIRAJ, JANUARY 21 At a time when protest against the controversial dissolution of the Parliament by Prime Minister KP Sharma Oli is spreading across the country, the ruling party’s sister wing National Youth Association Nepal organised a demonstration in support of the prime minister in Sapt Read More...
KATHMANDU, JANUARY 21 The second national gathering of Press Organisation Nepal unanimously elected joint-coordinator Ganesh Basnet as the coordinator. Basnet replaces coordinator Mahesh Dahal, who was removed on the ground of lack of activity in carrying out organisational responsibilitie Read More...
RAUTAHAT, JANUARY 21 Nepali Congress staged demonstrations across Rautahat district today in protest against what they described as an attack on the nation’s constitution by Prime Minister KP Sharma Oli’s unconstitutional and regressive move. Rallies were organised in all 18 local leve Read More...
POKHARA, JANUARY 21 Trekkers heading to Annapurna Base Camp through various routes to the camp do not require negative PCR reports. Trekking routes were resumed on January 14 amid the infection risk after making it mandatory for trekkers to show PCR reports. A meeting of the Chhomrong T Read More...