'Deeply damaging and dangerous:' List of victims of the Russian-linked SolarWinds hack keeps widening


Microsoft on Thursday said it detected the backdoor in SolarWinds’ software in its “environment” and had “isolated and removed” it. The company said neither its customer data nor its products were accessed or used to further attacks on others, denying a Reuters report.
In a blog post, Microsoft said it had identified more than 40 customers that the hackers had “targeted more precisely and compromised,” including “security and other technology firms,” think tanks and government contractors, in addition to government agencies. Of the victims, 80% are located in the U.S. while the others are in seven other countries: Canada, Mexico, the U.K., Belgium, Spain, Israel and the United Arab Emirates. Microsoft said it expects that number and locations of victims to keep growing.
Federal officials are trying to get a handle on the situation, with senior staff convening daily to coordinate a response to the breach, a Trump administration official said. On Wednesday, they triggered key parts of a cyber-emergency playbook meant to direct government efforts during a crisis. Among other things, that included convening what’s known as a Cyber Unified Coordination Group, which makes it easier to involve private companies like telecommunications firms and big tech providers in the government’s response.
If the hackers had been wandering around sensitive U.S. networks for only a few weeks, all of this would be less of a problem. Instead, the breaches began as long ago as March. That means U.S. officials now face the sobering prospect that foreign hackers had access to many sensitive computer systems for as long as nine months.
With little understanding of exactly how bad the breach of the U.S. government is, members of a consortium of major financial firms that share data on security incidents with the government began considering limiting those communications, a person familiar with the deliberations said.