“The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them,” Smith wrote. “The attack is ongoing and is being actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft.”
Microsoft has been working as an investigative partner to cybersecurity firm FireEye, which is also a victim and issued the first warning about the supply chain attack.
Previously, FireEye also identified victims across several sectors and countries, including government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.
Earlier Thursday, Reuters reported that Microsoft had been compromised as well. Microsoft said it has “isolated and removed” a vulnerability in its systems tied to third-party software that had facilitated a suspected Russian hacking campaign.
Updates to the software sold by SolarWinds were used as a carrier for malicious code that US officials believe may be linked to Russia. That software was found in Microsoft’s network, the company said in a statement Thursday evening.
The statement marks Microsoft’s first public acknowledgment that in addition to investigating the malware, it was also a victim of it.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” the statement said.
Microsoft has not found evidence that an actual data breach occurred or that the attackers exploited their access, the company added. The company pushed back on a Reuters report that suggested Microsoft’s products had been used to compromise other victims.
“Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others,” Microsoft said.
This story has been updated with acknowledgment from Microsoft that it was compromised.
This content was originally published here.