Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others (emphasis added).
MICROSOFT SOLARWINDS SERIES
The campaign, initially observed and tracked by Microsoft since January 2021, evolved over a series of waves demonstrating. We have not found evidence of access to production services or customer data. Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind the attacks against SolarWinds, the SUNBURST backdoor, TEARDROP malware, GoldMax malware, and other related components. Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. Reuters initially reported that hackers utilized the attacks to access Microsoft's internal network, but Microsoft issued a statement denying that the attacks were able to access production services or customer data: Microsoft worked with GoDaddy and FireEye to turn the domain into a kill switch to prevent malware from reporting back and downloading a second-stage payload for attacks. We have been actively looking for indicators of this actor.
MICROSOFT SOLARWINDS SOFTWARE
Microsoft took several steps this week to protect customers, including seizing the web domain that was used to report information to cyberattackers. Microsoft is a customer of SolarWinds, the IT provider the hackers exploited to send software updates to numerous US government agencies.
![microsoft solarwinds microsoft solarwinds](https://img.paratic.com/dosya/2021/01/microsoft-solarwinds-saldirilarinda-kaynak-kodlarina-erisildigini-tespit-etti-687x400.jpg)
Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world." Smith highlights that "This is not 'espionage as usual,' even in the digital age. Prior to issuing the statement Microsoft president Brad Smith wrote a long post about “the need for a strong and global cybersecurity response,” and said his company is working with more than 40 customers “that the attackers targeted more precisely and compromised through additional and sophisticated measures.” His focus appears to be on the incoming presidential administration, and what he considers necessary to deal with the threat of nation-state attacks on computer systems.Microsoft president, Brad Smith, outlines the attack and its far-reaching effects in great detail in a blog post. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.” We have not found evidence of access to production services or customer data. “Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed.
![microsoft solarwinds microsoft solarwinds](https://i.nextmedia.com.au/Utils/ImageResizer.ashx?n=https%3A%2F%2Fi.nextmedia.com.au%2FNews%2FFrom-Solorigate-to-Cobal-Strike.png)
CISA said it’s continuing to investifate. ZDNet points out that an alert from US Cybersecurity and Infrastructure Agency (CISA) said the agency had evidence of “additional access vectors” beyond the Orion platform and the backdoor it contained, dubbed Sunburst or Solarigate. Reuters also reported a source saying Microsoft cloud offerings were used by hackers in the attacks, but Microsoft claimed it has not found any evidence of that. In a statement, Microsoft confirmed it had found “malicious binaries” on its systems from the attacks, but found no access that anyone had accessed production services or customer data. As Reuters reports, the NSA sent out a cybersecurity advisory on Thursday that specifically referenced Microsoft products like Azure and Active Directory as tools the attackers targeted to gain access to other resources. Various organizations are grappling with the impact of a massive hacking campaign that compromised networks using SolarWinds’ Orion network management tools, and now Microsoft says it found “malicious binaries” on its systems.