learnhaser.blogg.se

Microsoft solarwinds

According to Microsoft, it has identified more than 40 victims of the wide-ranging SolarWinds Orion supply chain compromise that were breached further by hackers believed to be backed by a foreign state. In a blog post, Microsoft said 44% of the 40-plus entities that were further breached by hackers in the large-scale attack are other IT companies, meaning hackers may have accessed and used additional private sector software to further their attack. While the companies weren’t named, Microsoft said they include software firms, IT services and equipment providers. Meanwhile, government and think tanks each make up 18% of the victims, while government contractors make up 9% of the victims.

The information came by way of the lengthy blog written by Microsoft President Brad Smith, who echoed the statements of FireEye CEO Kevin Mandia, who earlier this week commented on the unprecedented sophistication of the attack:

“The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them,” Smith wrote. “The attack is ongoing and is being actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft. As our teams act as first responders to these attacks, these ongoing investigations reveal an attack that is remarkable for its scope, sophistication and impact.”

Smith’s blog came Thursday, and an editor’s note at the bottom that came just before 11 p.m. ET references news reports about Microsoft itself being a victim of the hack. Reuters on Thursday, citing anonymous sources, said Microsoft has found indications that hackers were able to infiltrate the company’s networks and use Microsoft tools and IT dominance to further their attacks on other entities. However, Microsoft threw cold water on that report, saying it did detect malicious SolarWinds binaries in the company’s environment, but company security experts isolated and removed them. Microsoft claims it has not found evidence of access to production services or customer data, and there are no indications that Microsoft systems were used to attack others.

Smith laid out other important information in the blog, including where the attacks were focused. About 80% of victims are located in the U.S., but victims are also located in Canada, Mexico, Belgium, Spain, the U.K. “It’s certain that the number and location of victims will keep growing,” Smith wrote. The company, along with other tech firms, has been actively fighting back, sinking a domain used as a command and control server in the attacks and releasing tools that help detect, block and quarantine the malicious code.

Statements by government officials back up Smith’s claim. The Cybersecurity and Infrastructure Agency on Thursday issued an alert that it “has evidence of additional initial access vectors” other than the SolarWinds Orion platform. “The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged,” the alert said. Investigation has revealed that attackers accessed the networks of some victims without utilizing the vulnerability in the SolarWinds Orion platform.

According to SolarWinds, about 18,000 of its customers were susceptible to the attacks, but the attackers are mostly targeting government entities, organizations that do business with the government and others in the IT supply chain that could give them access to a wide range of other networks. SolarWinds has said that there is no evidence of its other products being leveraged by attackers, meaning tools from other IT vendors are being used in these attacks.

So far, investigators believe the attackers further accessed the networks and information of FireEye, The U.S.







