Breaking News
0
Ad-Free Version. Upgrade your Investing.com experience. Save up to 40% More details

Microsoft says it found malicious software in its systems

EconomyDec 17, 2020 11:10PM ET
Saved. See Saved Items.
This article has already been saved in your Saved Items
 
2/2 © Reuters. FILE PHOTO: SolarWinds Corp. banner hangs on the company's IPO at the NYSE in New York 2/2

By Joseph Menn

SAN FRANCISCO (Reuters) -Microsoft Corp said on Thursday it found malicious software in its systems related to a massive hacking campaign disclosed by U.S. officials this week, adding a top technology target to a growing list of attacked government agencies.

The Redmond, Washington company is a user of Orion, the widely deployed networking management software from SolarWinds Corp which was used in the suspected Russian attacks on vital U.S. agencies and others.

Microsoft (NASDAQ:MSFT) also had its own products leveraged to attack victims, said people familiar with the matter. The U.S. National Security Agency issued a rare "cybersecurity advisory" Thursday detailing how certain Microsoft Azure cloud services may have been compromised by hackers and directing users to lock down their systems.

"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed," a Microsoft spokesperson said, adding that the company had found "no indications that our systems were used to attack others."

One of the people familiar with the hacking spree said the hackers made use of Microsoft cloud offerings while avoiding Microsoft's corporate infrastructure.

Microsoft did not immediately respond to questions about the technique.

Still, another person familiar with the matter said the Department of Homeland Security (DHS) does not believe Microsoft was a key avenue of fresh infection.

Both Microsoft and the DHS, which earlier on Thursday said the hackers used multiple methods of entry, are continuing to investigate.

The FBI and other agencies have scheduled a classified briefing for members of Congress Friday.

The U.S. Energy Department also said it has evidence hackers gained access to its networks as part of the campaign. Politico had earlier reported the National Nuclear Security Administration (NNSA), which manages the country's nuclear weapons stockpile, was targeted.

An Energy Department spokeswoman said malware "has been isolated to business networks only" and has not impacted U.S. national security, including the NNSA.

The DHS said in a bulletin on Thursday the hackers had used other techniques besides corrupting updates of network management software by SolarWinds which is used by hundreds of thousands of companies and government agencies.

CISA urged investigators not to assume their organizations were safe if they did not use recent versions of the SolarWinds software, while also pointing out that the hackers did not exploit every network they gained access too.

CISA said it was continuing to analyze the other avenues used by the attackers. So far, the hackers are known to have at least monitored email or other data within the U.S. departments of Defense, State, Treasury, Homeland Security and Commerce.

As many as 18,000 Orion customers downloaded the updates that contained a back door, SolarWinds has said. Since the campaign was discovered, software companies have cut off communication from those back doors to the computers maintained by the hackers.

But the attackers might have installed additional ways of maintaining access, CISA said, in what some have called the biggest hack in a decade.

The Department of Justice, FBI and Defense Department, among others, have moved routine communication onto classified networks that are believed not to have been breached, according to two people briefed on the measures. They are assuming that the non-classified networks have been accessed, the people said.

CISA and private companies including FireEye (NASDAQ:FEYE) Inc, which was the first to discover and reveal it had been hacked, have released a series of clues for organizations to look for to see if they have been hit.

But the attackers are very careful and have deleted logs, or electronic footprints or which files they have accessed, security experts said. That makes it hard to know what has been taken.

Some major companies have said they have "no evidence" that they were penetrated, but in some cases that may only be because the evidence was removed.

In most networks, the attackers would also have been able to create false data, but so far it appears they were interested only in obtaining real data, people tracking the probes said.

Meanwhile, members of Congress are demanding more information about what may have been taken and how, along with who was behind it. The House Homeland Security Committee and Oversight Committee announced an investigation Thursday, while senators pressed to learn whether individual tax information was obtained.

In a statement, President-elect Joe Biden said he would "elevate cybersecurity as an imperative across the government" and "disrupt and deter our adversaries" from undertaking such major hacks.

Microsoft says it found malicious software in its systems
 

Related Articles

Add a Comment

Comment Guidelines

We encourage you to use comments to engage with users, share your perspective and ask questions of authors and each other. However, in order to maintain the high level of discourse we’ve all come to value and expect, please keep the following criteria in mind: 

  • Enrich the conversation
  • Stay focused and on track. Only post material that’s relevant to the topic being discussed.
  • Be respectful. Even negative opinions can be framed positively and diplomatically.
  •  Use standard writing style. Include punctuation and upper and lower cases.
  • NOTE: Spam and/or promotional messages and links within a comment will be removed
  • Avoid profanity, slander or personal attacks directed at an author or another user.
  • Don’t Monopolize the Conversation. We appreciate passion and conviction, but we also believe strongly in giving everyone a chance to air their thoughts. Therefore, in addition to civil interaction, we expect commenters to offer their opinions succinctly and thoughtfully, but not so repeatedly that others are annoyed or offended. If we receive complaints about individuals who take over a thread or forum, we reserve the right to ban them from the site, without recourse.
  • Only English comments will be allowed.

Perpetrators of spam or abuse will be deleted from the site and prohibited from future registration at Investing.com’s discretion.

Write your thoughts here
 
Are you sure you want to delete this chart?
 
Post
Post also to:
 
Replace the attached chart with a new chart ?
1000
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Thanks for your comment. Please note that all comments are pending until approved by our moderators. It may therefore take some time before it appears on our website.
Comments (3)
David David
David9 Dec 17, 2020 11:54PM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
I don't believe any of these... it is very easy to say this and that, but if they don't show us the proof...it is all he said she said to me...
Joel Schwartz
Joel Schwartz Dec 17, 2020 11:54PM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
Lol what does Microsoft gain by saying this
joe balone
joe balone Dec 17, 2020 11:54PM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
As if you could understand the proof.
Jo Pa
Jo Pa Dec 17, 2020 11:00PM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
Dominion voting machines also used SolarWinds. But we aren't allowed to talk about that.
Kevin Le
Kevin Le Dec 17, 2020 11:00PM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
The Russians would've backed Trump. try again
la popeye
la popeye Dec 17, 2020 6:48PM ET
Saved. See Saved Items.
This comment has already been saved in your Saved Items
this show the world how things can be done with datas. imagine something done heavily on the banking system. panic!
 
Are you sure you want to delete this chart?
 
Post
 
Replace the attached chart with a new chart ?
1000
Your ability to comment is currently suspended due to negative user reports. Your status will be reviewed by our moderators.
Please wait a minute before you try to comment again.
Add Chart to Comment
Confirm Block

Are you sure you want to block %USER_NAME%?

By doing so, you and %USER_NAME% will not be able to see any of each other's Investing.com's posts.

%USER_NAME% was successfully added to your Block List

Since you’ve just unblocked this person, you must wait 48 hours before renewing the block.

Report this comment

I feel that this comment is:

Comment flagged

Thank You!

Your report has been sent to our moderators for review
Disclaimer: Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. All CFDs (stocks, indexes, futures) and Forex prices are not provided by exchanges but rather by market makers, and so prices may not be accurate and may differ from the actual market price, meaning prices are indicative and not appropriate for trading purposes. Therefore Fusion Media doesn`t bear any responsibility for any trading losses you might incur as a result of using this data.

Fusion Media or anyone involved with Fusion Media will not accept any liability for loss or damage as a result of reliance on the information including data, quotes, charts and buy/sell signals contained within this website. Please be fully informed regarding the risks and costs associated with trading the financial markets, it is one of the riskiest investment forms possible.
Continue with Google
or
Sign up with Email