Microsoft Corp. said it found malicious software in its systems in connection to a large-scale hacking operation revealed by U.S. authorities this week, adding a top technology entity to a growing list of hacked government agencies.
In an exclusive report by Reuters on Friday, it said Microsoft found "malicious binaries" in a breach allegedly carried out by Russian hackers who targeted several U.S. government agencies by capitalizing on the open-source operating system from SolarWinds Corp.
The U.S. National Security Agency released a cybersecurity advisory Thursday that specifically referenced Microsoft products like Active Directory and Azure as tools the hackers took advantage of to gain access to other networks.
Microsoft is a client of SolarWinds Corp., whose Orion operating system - the widely deployed networking management software - the attackers are believed to have used to gain access to resources by installing malicious code.
Cybersecurity experts say any successful attack on the world's biggest software company and the second-largest Cloud-computing provider could hurt its reputation as a trusted provider of software and security services.
A source with knowledge of the cyberattack said the hackers made use of Microsoft's Cloud offerings while avoiding the company's main corporate infrastructure. Microsoft did not immediately respond to questions about the incident.
The U.S. Department of Energy also said they have strong evidence that attackers gained access to their infrastructure as part of the well-orchestrated cyber operation.
SolarWinds said at least 18,000 of its clients had downloaded an infected operating system update that allowed the hackers to gather sensitive data unnoticed on government agencies and private corporations for almost nine months.
U.S. senators are demanding answers into the cyberattack and whether the personal information of millions of American taxpayers was compromised.
The U.S. Treasury, Homeland Security and Commerce department were breached, including the U.S. nuclear weapons agency, multiple reports said.
