This is a news summary of Microsoft confirms it was also breached in recent SolarWinds supply chain hack from ZDNet.com, published on 17 December 2020.
This is related to a previous news of U.S. Government Hacked!
The state-sponsored attack on SolarWinds has also broke into Microsoft’s internal network and what is even stumbling is Microsoft’s own products are used to further attack against others companies as well, Reuters reported.
This news came after US Cybersecurity and Infrastructure Agency (CISA) had published an alert on the SolarWinds supply chain attack and its impact on government agencies, critical infrastructure entities, and private sector organizations.
You can read the about the alert here: CISA Alert.
CISA mentioned that “evidence of additional initial access vectors, other than the SolarWinds Orion platform.”
2 reportings from Reuters about Microsoft hack did not bring up what Microsoft products are affected by the attack.
The Microsoft’s unedited statement is:
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”
As of the time of this news published, most of these victims are US government agencies and the only private company is cybersecurity firm FireEye.
As per article, both FireEye and Microsoft provided extensive reports of how the breach happened and involved in an operation to sinkhole the domain avsvmcloud[.]com used in the SolarWinds hack.