Unique: Suspected Russian hacker assault in Microsoft sources
© Reuters. FILE PHOTO: The SolarWinds Corp. banner. hangs on the company’s IPO on the NYSE in New York
By Joseph Menn
SAN FRANCISCO (Reuters) – Microsoft (NASDAQ 🙂 was injured in the massive hacking campaign released by US officials this week, according to those familiar with the matter, adding a top technology target to a growing list of key government agencies added.
The Redmond, Washington, company used the popular network management software from SolarWinds Corp., which was used in the alleged Russian attacks on US authorities and others. It had also used its own products to promote the attacks on others, people said.
Reuters could not immediately determine how many Microsoft users were affected by the contaminated products. The Department of Homeland Security, which earlier Thursday said the hackers used multiple entry methods, is still investigating.
Microsoft did not immediately respond to a request for comment.
The FBI and other agencies have scheduled a classified briefing for members of Congress on Friday.
The US Department of Energy also said they had evidence that hackers gained access to their networks as part of a massive cyber campaign. Politico had previously reported that the National Nuclear Security Administration, which manages the country’s nuclear weapons supply, has been targeted.
A Department of Energy spokeswoman said malware is “restricted to corporate networks only” and has not compromised US national security, including the NNSA.
The Department of Homeland Security said in a bulletin Thursday that the spies used techniques other than corrupting SolarWinds updates to network management software used by hundreds of thousands of businesses and government agencies.
“The compromise in the SolarWinds Orion supply chain is not the only initial infection vector that this APT actor has used,” said DHS ‘Cybersecurity and Infrastructure Security Agency, citing opponents with “advanced persistent threats.”
CISA urged investigators not to assume that their organizations are safe unless they are using the latest versions of SolarWinds software, pointing out that the hackers were not exploiting every network they had access to.
CISA said it would continue to analyze the other avenues used by the attackers. So far, it is known that the hackers have at least monitored e-mails or other data in the US Departments of Defense, State, Treasury, Homeland Security and Commerce.
Up to 18,000 Orion customers have downloaded the updates, which included a backdoor. Since the campaign was discovered, software companies have cut communications from these backdoors to the computers being maintained by the hackers.
But the attackers may have installed additional means to maintain access in what some have dubbed the biggest hack in a decade.
Because of this, officials said security teams should communicate through dedicated channels to ensure their own detection and corrective actions are not monitored.
The Department of Justice, the FBI and the Department of Defense, among other things, have moved routine communications to classified networks that are believed not to have been harmed, according to two people who were briefed on the measures. They assume that the unclassified networks have been accessed.
CISA and private companies, including FireEye (NASDAQ :), which was the first to discover and reveal it was hacked, have released a series of clues that companies must look for to see if they have been hit.
However, the attackers are very careful and deleted logs or electronic footprints or the files they accessed. That makes it hard to know what was taken.
Some large corporations have made carefully worded statements that they have “no evidence” that they have intruded. However, in some cases, it may only be because the evidence has been removed.
On most networks, the attackers would have been able to create fake data too, but so far they only seem interested in getting real data, said the people tracking the probes.
In the meantime, members of Congress are asking for more information on what and how was recorded and who is behind it. The House Homeland Security Committee and Oversight Committee announced an investigation Thursday while the Senators pressed to see if individual tax information was obtained.
In a statement, President-elect Joe Biden said he would “increase cybersecurity as a commandment across the government” and “disrupt and prevent our adversaries” from carrying out such major hacks.