
Microsoft discovers 40 customers targeted in massive hack campaign

But the company denies its systems were used to attack other victims.

Steven Musil Night Editor / News

Microsoft says it has identified more than 40 customers that were targeted in a massive hacking campaign linked to Russia this week.

The software giant said in a company blog post Thursday that 80% of those customers are in the US, while the others are located in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.

"It's certain that the number and location of victims will keep growing," Microsoft chief counsel Brad Smith wrote in the post, adding that Microsoft's investigations found the cyberattack to be ongoing and "remarkable for its scope, sophistication and impact." The list of targets includes government agencies as well as security and other technology firms and nongovernmental organizations.

Revelations emerged this week that several US government agencies had been breached in a suspected Russian hack enabled by a backdoor built into software from Austin-based IT firm SolarWinds. The malware was delivered through SolarWinds' Orion software, which is installed by more than 17,000 customers, Smith wrote, adding that the attack reached "many major national capitals outside Russia" and "illustrates the heightened level of vulnerability in the United States."

Earlier Thursday, Microsoft said its systems were exposed to the attack as well. Microsoft found malicious code related to the attack "in our environment, which we isolated and removed," spokesman Frank Shaw said in a statement posted to his personal Twitter account.


Shaw also denied a Reuters report Thursday that Microsoft's systems had been used to attack other victims.

"We have not found evidence of access to production services or customer data," Shaw wrote. "Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others."

News of the massive campaign broke over the weekend with the revelation that hackers supported by a foreign government have been monitoring email at the US Treasury and Commerce departments. The hack was spotted a few weeks ago "only when a private cybersecurity firm, FireEye, alerted American intelligence that the hackers had evaded layers of defenses," according to The New York Times.

The access point was apparently SolarWinds' Orion network management software. Once hackers added a backdoor to the Orion code, the "software connected to a server controlled by the hackers that allowed them to launch further attacks against the SolarWinds customer and to steal data," The Wall Street Journal reported earlier this week.

CNET's Eli Blumenthal contributed to this report.