Microsoft’s systems were exposed as part of the suspected Russian cybersecurity hack that targeted SolarWinds and hit multiple government agencies, people familiar with the matter told Reuters.
The people told the newswire that Microsoft’s own products were used to further attacks on others. It’s unclear how many Microsoft users were affected.
CNBC noted that multiple government agencies use Office 365, including the Department of Defense.
ADVERTISEMENT
Microsoft spokesperson Frank Shaw said in a statement posted to Twitter that the company had detected malicious Solar Wind binaries, which it removed. It has not found evidence of “access to production services or customer data.”
“Our investigations, which are ongoing, have found no indications that our systems were used to attack others.”
Dozens of federal agencies had been breached earlier this year as part of the cyberattack on SolarWinds. The Cybersecurity Infrastructure and Protection Agency issued an alert detailing the attack on Thursday, in which it warned that it posed a “grave risk” to federal and state governments, as well as private sector organizations.
ADVERTISEMENT
Reuters first reported that the Treasury Department and a branch of the Commerce Department were breached. Officials said on Thursday that agencies within the Department of Energy, such as the National Nuclear Security Administration, were also targeted.
The Washington Post reported that “Cozy Bear,” a Russian military intelligence group, was behind the attack.
Meanwhile, the Homeland Security Committee and Oversight and Reform Committee announced on Thursday that they will be investigating the cyber attack.