Microsoft was hacked by the same group that compromised the networks of software maker SolarWinds and multiple federal agencies, Reuters reported, citing people familiar with the matter.
In response to the report, Microsoft said it had detected a backdoored version of SolarWinds software in its network but had uncovered no evidence it was used to compromise the company’s production system or access customer data.
In a statement issued by Microsoft spokesman Frank X. Shaw, company officials wrote:
Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.
While the statement stopped short of saying no part of Microsoft’s network was compromised, it nonetheless challenged key parts of Reuters’ reporting.
Citing the same people, Reuters said that after the hackers breached Microsoft, they used Microsoft’s own products in follow-on hacks against others. It wasn’t immediately clear how many Microsoft users were affected or what Microsoft products were used. Microsoft representatives didn’t immediately return an email seeking comment.
Microsoft is just one of the recent additions to a rapidly growing list of victims in the wide-ranging and advanced hack that reportedly had the backing of the Russian government. Politico reported that the US Department of Energy and the National Nuclear Security Administration had evidence the same hackers accessed their networks. Bloomberg News said that three unidentified US states were hacked in the same campaign. The Intercept, meanwhile, said the hackers had been inside the city of Austin, Texas, for months.
The rapidly unfolding revelations further underscore the skill, discipline, and resources the hackers had at their disposal. In an alert issued earlier on Thursday, the Cybersecurity and Infrastructure Security Agency said the hacks posed a “grave risk” to US governments at all levels.
New details are likely to become available in the next hours. This story will be updated as warranted.