As if the year wasn’t bad enough, it seems that 2020 will be ending on a very low note, especially for the IT and cybersecurity community. Reports of several US government agencies being hacked sprang up a few days ago, but it seems that the actual damage goes further than that. If the reports are true, which Microsoft pretty much confirms, alleged state-sponsored actors have been able to compromise and infiltrate organizations and institutions on both sides of the Atlantic, and the number of victims still keeps growing.
When news that cybersecurity firm FireEye was hacked broke earlier this month, there were already concerns that it was done by hackers sponsored by a nation-state, which many quickly presumed was Russia. Back then, the connection with another security firm wasn’t yet clear, but it would take only a week for SolarWinds’ name to be dragged into the spotlight and, with it, Microsoft’s.
Reports that SolarWinds’ Orion platform, ironically used for security monitoring, was compromised and that malware-laden versions were installed on US government computers sent security experts scrambling not only to close doors but also to make sense of the resulting carnage. It eventually came to light that Microsoft’s own software and services became instrumental in compromising the computer systems not only of governments but also of NGOs and private companies.
Microsoft has confirmed only part of these reports, admitting that it was also a victim of the modified SolarWinds Orion software, which it also uses. It spotted these “malicious SolarWinds binaries” in its environment and promptly removed them, but found no evidence that they reached its outward-facing services. In other words, it is denying the allegation that hackers compromised Microsoft via SolarWinds so they could then use Microsoft to hack others.
Of course, Microsoft wouldn’t admit something that would practically burn its business to the ground. Instead, its lengthy post tries to shift the focus to building a stronger global cybersecurity response, though it conveniently skirts around how its software and services have been used that way, even without SolarWinds or state-backed hackers.