Microsoft says it has removed malware related to an expansive hacking campaign that has ensnared thousands of organizations and U.S. government agencies.
Microsoft’s disclosure comes as the devastating scope of the campaign grew on Thursday, with a fresh U.S. government warning that the recently discovered supply chain compromise may not be the only way a hacking group is infiltrating organizations.
Microsoft says it found malicious binaries that came from SolarWinds, the Austin-based company whose software supply chain was infiltrated by a hacking group.
Reuters, which was first to report Microsoft was affected, says that Microsoft “also had its own products leveraged to further the attacks on others,” citing anonymous sources.
“CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update this Alert as new information becomes available,” the agency said in the report.
The agency is investigating incidents where victims were compromised in the same campaign but without the malicious Orion code. It also points to security vendor Volexity’s report of a think tank that was compromised via an attack that bypassed Duo and other multifactor authentication to reach its Outlook Web App. “Volexity attributes this intrusion to the same activity as the SolarWinds Orion supply chain compromise, and the TTPs are consistent between the two. This observation indicates that there are other initial access vectors beyond SolarWinds Orion, and there may still be others that are not yet known,” CISA said.