Microsoft was hacked by the same group that compromised the networks of software maker SolarWinds and multiple federal agencies, Reuters reported, citing people familiar with the matter.
Microsoft categorically denied the report. “We have no indication of this,” company President Brad Smith told New York Times reporter Nicole Perlroth. Perlroth said the company stood by a statement it issued on Sunday saying it had no indication of a vulnerability in any Microsoft product or cloud service in its investigations of the hacking campaign.
Citing the same people, Reuters said that after the hackers breached Microsoft, they used Microsoft’s own products in follow-on hacks against others. It wasn’t immediately clear how many Microsoft users were affected or what Microsoft products were used. Microsoft representatives didn’t immediately return an email seeking comment.
Microsoft is just one of the recent additions to a rapidly growing list of victims in the wide-ranging and advanced hack that reportedly had the backing of the Russian government. Politico reported that the US Department of Energy and the National Nuclear Security Administration had evidence the same hackers accessed their networks. Bloomberg News said that three unidentified US states were hacked in the same campaign. The Intercept, meanwhile, said the hackers had been inside the city of Austin, Texas, for months.
The rapidly unfolding revelations further underscore the skill, discipline, and resources the hackers had at their disposal. In an alert issued earlier on Thursday, the Cybersecurity Infrastructure and Security Agency said the hacks posed a “grave risk”to US governments at all levels.
New details are likely to become available in the next hours. This story will be updated as warranted.
RSS