Microsoft was hacked by the same group that compromised the networks of software maker SolarWinds and multiple federal agencies, Reuters reported, citing people familiar with the case.
In response to the report, Microsoft said it had detected a backdoored version of SolarWinds software on its network, but found no evidence that it was being used to compromise the company’s production system or access customer data.
In a statement from Microsoft spokesperson Frank X. Shaw, company officials wrote:
Like other SolarWinds customers, we are actively looking for indicators of this actor and can confirm that we have detected malicious SolarWinds binaries in our environment, which we isolated and removed. We found no evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no evidence that our systems were being used to attack others.
While the statement didn’t say that no part of Microsoft’s network had been compromised, it nonetheless challenged important parts of Reuters’ reporting.
Citing the same people, Reuters said that after the hackers broke into Microsoft, they used Microsoft’s own products in follow-up hacks against others. It was not immediately clear how many Microsoft users were affected or which Microsoft products were used. Microsoft representatives did not immediately return an email asking for comment.
Microsoft is just one of the recent additions to a rapidly growing list of victims of the extensive and sophisticated hack that allegedly had the support of the Russian government. Politico reported that the US Department of Energy and the National Nuclear Security Administration had evidence that the same hackers had access to their networks. Bloomberg News said three unidentified US states were hacked in the same campaign. According to The Intercept, the hackers had been inside the network of the city of Austin, Texas, for months.
The rapidly unfolding revelations underscore the skill, discipline and resources the hackers had at their disposal. In a warning issued earlier on Thursday, the Cybersecurity and Infrastructure Security Agency said the hacks posed a “serious risk” to US governments at all levels.
New details will likely become available in the coming hours. This story will be updated as needed.