Microsoft confirmed that it was also breached in the recent SolarWinds supply chain attack. However, the tech giant stated that the threat actors have not compromised its software supply-chain to infect its customers.
Russia-linked hackers breached SolarWinds last week, using trojanized SolarWinds Orion business software updates to distribute a backdoor named SUNBURST (which Microsoft calls Solorigate).
The Reuters agency has published a report, based on unknown sources, that Microsoft was also compromised in the SolarWinds supply-chain attack and that the hackers managed to compromise its software to distribute malware to its clients.
In response to the media reports, Microsoft issued a statement saying that, like other SolarWinds customers, it has been actively looking for indicators of the threat actor. The company confirmed that it detected malicious SolarWinds binaries in its environment, which were isolated and removed.
They also got evidence of access to production services or customer data. The investigation is ongoing, and they haven’t found any indications that their systems were used to attack others.
Frank Shaw, the corporate vice president of communications at Microsoft, confirmed that the company has detected multiple malicious SolarWinds binaries in its environment, but denied that the company’s clients were affected.
Experts at the Cybersecurity and Infrastructure Security Agency (CISA) pointed out that removing the threat actor from compromised environments will be highly complex and challenging for organizations.
Microsoft, FireEye, and GoDaddy have partnered to create a kill switch for the SUNBURST backdoor that was employed in the recent SolarWinds hack.