Microsoft on Thursday said it was hit by the sweeping SolarWinds cybersecurity hack, but the company denied a Reuters report indicating its products and services may have been compromised.
Reuters reported that Microsoft's services may have been subverted by the attackers in a way that would make the tech titan's customers vulnerable. "We believe the sources for the Reuters report are misinformed or misinterpreting their information," Microsoft said.
Microsoft did confirm that it found and removed elements of the SolarWinds hack from its system.
Government agencies and companies have been discovering the apparent nation-state attack this week, including reports that the Department of Energy was affected.
5 Key Takeaways From the SolarWinds Breach
New details continue to emerge each day, and there may be many more lessons to learn from what could be among the largest cyberattacks ever.
Anxiety over the recent SolarWinds and US government cyberattack went up a notch Thursday when the DHS Cybersecurity and Infrastructure Security Agency (CISA) warned the advanced persistent group behind the incident might be using multiple tactics to gain initial access into target networks.
It was first widely thought that the likely Russia-backed threat actor was distributing malware to thousands of organizations worldwide by hiding it in legitimate updates to SolarWinds Orion network management software. On Thursday, CISA said its analysis showed attackers may have also used another initial vector: a multifactor authentication bypass, done by accessing the secret key from the Outlook Web App (OWA) server.
Feds: SolarWinds Attack ‘Poses a Grave Risk’ To Government, Business
The U.S. government says it has evidence of additional initial access vectors beyond the SolarWinds Orion supply chain compromise, but noted that those other attack methods are still being investigated.
By Michael Novinson, December 17, 2020, 04:50 PM EST
The U.S. government warned Thursday that removing the SolarWinds hackers from compromised environments will be a highly complex and challenging endeavor for organizations.
The Cybersecurity and Infrastructure Security Agency (CISA) said that the group behind the SolarWinds breach has demonstrated patience, operational security and complex tradecraft in its attacks. CISA added it has evidence of additional initial access vectors beyond the SolarWinds Orion supply chain compromise, but noted that those other intrusion methods are still being investigated.
MIL-OSI USA: AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
CISA: SolarWinds Is Not the Only Way Hackers Got Into Networks
December 17, 2020
The agency also warned that getting attackers out of networks will be complex, especially because they are monitoring IT and cybersecurity employees’ emails.
The fallout from the SolarWinds breaches will be far more difficult and time-consuming to remediate than originally assumed, as the attackers likely found more ways to enter federal networks than just the SolarWinds Orion product and have been targeting IT and response personnel, according to the government’s lead cybersecurity agency.
The Cybersecurity and Infrastructure Security Agency, or CISA, released an alert Thursday through the U.S. Computer Emergency Readiness Team, or US-CERT, detailing what the agency currently knows about the attack. The alert calls out at least one other attack vector beyond SolarWinds products and identifies IT and security personnel as prime ta