Microsoft has confirmed that the company is a victim of the SolarWinds hack, as the suspected nation-state attack claims another major scalp.

An NSA advisory released on 17 December 2020 referenced Microsoft products such as Azure and Active Directory, which the technology giant later confirmed.

Microsoft Falls Victim to SolarWinds Hack

Microsoft was using SolarWinds Orion, the remote management software at the root of the attack. Some publications suggested that Microsoft's compromised products, such as Azure and Active Directory, were then used as attack tools against other victims.

However, Microsoft President Brad Smith issued a statement denying that the company's products were co-opted into the attack. The Department of Homeland Security also corroborated the denial. Brad Smith's full statement is available to read on the Official Microsoft Blog.

Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.

Smith categorized the ongoing SolarWinds hack as a "moment of reckoning," stating his belief that "We need strong steps to hold nation-states accountable for cyberattacks."

In the global cybersecurity game of cat and mouse, the SolarWinds attack has significantly upped the ante.

SolarWinds Attack Continues to Grow

The SolarWinds hack is ongoing and claiming more victims.

Microsoft is one of the largest tech companies to declare its involvement. Other targets include the US Energy Department and, perhaps most worryingly of all, the National Nuclear Security Administration, which manages the US nuclear arsenal.

Microsoft's report indicates that around 80 percent of affected organizations are based in the US. There are also victims in the UK, Belgium, Spain, Canada, Mexico, Israel, and the UAE. More victims are expected to appear in the coming days and weeks.

[Image: Microsoft SolarWinds heat map]

The US Cybersecurity and Infrastructure Security Agency (CISA) published new information regarding the attack, advising that other attack vectors may exist outside SolarWinds and the Sunburst malware at the root of the threat.

For example, CISA is investigating an incident involving the suspected threat actor leveraging secret keys stolen in a previous attack. The secret key (like an encryption key) enables the attacker "to generate a cookie to bypass the Duo multi-factor authentication protecting access to Outlook Web App (OWA)."

SolarWinds is what is known as a supply-chain hack. The attackers compromise the supply chain that feeds into the victim's network rather than attacking the network directly. Once inside, the attacker has unparalleled access to the organization's internal workings.

SolarWinds isn't the first supply-chain attack but is almost certainly the largest.