Microsoft confirmed on Friday that its network was among the thousands infected with tainted software updates from SolarWinds, even as new data the company has released suggest the likely Russian actors behind the campaign were focused on a smaller set of targets than originally thought.
Microsoft on Friday said that it had detected malicious SolarWinds binaries in its environment, which the company isolated and removed. However, the software giant denied a Reuters report on Thursday that claimed Microsoft's own products were then used to distribute malware to other organizations in much the same way SolarWinds' Orion network product management technology was abused.
"We have not found evidence of access to production services or customer data," a Microsoft spokesman says. "Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others." The spokesman says the sources for the Reuters report were likely misinformed or were misinterpreting their information.
SolarWinds on Monday disclosed that attackers had infiltrated its software build system and inserted malicious code into software updates that the company subsequently sent out to 33,000 organizations worldwide — about 18,000 of whom actually installed it. The company has said that updates it released between March and June 2020 were tainted.
However, Cisco Talos on Friday said its investigation shows the attack appears to have been initiated as far back as February. "Compromised binaries appear to have been available on the SolarWinds website until very recently," the company said.
Suspected victims include US Treasury Department, the ..
Support the originator by clicking the read the rest link below.
