
Microsoft says it has identified over 40 victims of SolarWinds hack

The fallout from the recent major SolarWinds vulnerability continues, with Microsoft confirming that it has notified more than 40 customers in the past week that they have been targeted. The attack made headlines after security firm FireEye announced that its internal network had been hacked using a malware-infected version of the SolarWinds Orion network monitoring tool.

The extent of the security threat posed by the SolarWinds vulnerability is still coming to light, but it clearly has global ramifications. Although 80% of the affected customers identified by Microsoft are based in the US, victims have also been located in Canada, Mexico, Belgium, Spain, the UK, Israel, and the United Arab Emirates.

When analyzed by sector, Microsoft found that 44% of targets were based in the IT industry, while government organizations and think-tanks/NGOs also featured highly among the current list of victims.

A moment of reckoning

“The final weeks of a challenging year have proven even more difficult with the recent exposure of the world’s latest serious nation-state cyberattack,” Microsoft President Brad Smith said. “This latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms. It illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous. As much as anything, this attack provides a moment of reckoning.”

A number of US Government agencies of varying levels of importance are believed to have been hacked as a result of the SolarWinds bug. Perhaps most worryingly, the Energy Department and National Nuclear Security Administration recently confirmed that they too had been targeted, with hackers gaining access to their internal networks.

The Microsoft president added that it was time for a more effective national and global strategy to protect against cyberattacks, one that involves enhanced sharing of threat intelligence and stronger international rules to prevent the development of the cyberattack ecosystem.