Friday, December 18, 2020

Microsoft identifies more than 40 organizations targeted in massive cyber breach


Alex Marquardt, Brian Fung
Zachary Cohen, CNN

(CNN) - Microsoft has identified more than 40 of its customers around the world that had problematic versions of a third-party IT management program installed and that were specifically targeted by the suspected Russian hacking campaign disclosed this week, the company said in a blog post Thursday.

The tech company said that 80% of those victims are in the US while the rest are in seven other countries: Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.

"It's a certainty that the number and location of victims will keep growing," said Microsoft President Brad Smith, who added that the company has worked to notify the affected organizations.

Microsoft's analysis represents the clearest and most specific assessment yet of the scope of the damage caused by the hacking campaign, which was secretly conducted through a third-party software program sold by SolarWinds, an IT management firm.

The software that the suspected Russian malware was delivered with, SolarWinds Orion, has as many as 18,000 global customers, including government agencies, private companies and other organizations.
Microsoft said Thursday that the attack "reached many major national capitals outside Russia."  Read more >>