Microsoft has disclosed that the hacked SolarWinds software also ended up on equipment within Microsoft. The company has found no indication that the hack was actually used to steal data from Microsoft.
In a short article, Reuters reported that Microsoft was also affected by the SolarWinds hack. Hackers, presumed to be Russian, managed to add malicious code to the widely used SolarWinds Orion software. Microsoft turns out to use this software as well.
No evidence of abuse
On Twitter, Frank Shaw, communications lead at Microsoft, admits that Microsoft found malicious code from SolarWinds in its environment, but says there is no evidence that the hack was used to gain access to the company’s production services or customer data. Shaw goes on to say that no indications have been found that Microsoft’s systems have been used to attack other systems.
It is quite possible that the hack wasn’t used to steal data from Microsoft. The hack merely created a backdoor to the infected computers and did virtually nothing else. Using this backdoor, hackers could further explore the computers and the networks, but this had to be done manually.
Since the compromised SolarWinds software was installed on many thousands of computers, it is virtually impossible that data was actually stolen from all of them. What is more, the hackers appear to have mainly been targeting organizations within the American government. That does not, of course, rule out the chance that data was stolen from Microsoft as well.
Microsoft has now taken several steps to disable the backdoor. The company has seized a URL that the code contacted and turned it into a sinkhole, and it has modified Microsoft Defender to block affected versions of SolarWinds Orion. SolarWinds has already released a patched version of Orion.