Microsoft has said that the UK and six other countries outside the US have been affected by an alleged Russian hacking attack that US authorities have warned poses a serious risk to the government and private networks.
Brad Smith, Microsoft’s chief legal counsel, said the company had 40 clients discovered– including government agencies, think tanks, NGOs and information technology companies – which were “more precisely targeted and compromised” after hackers gained initial access earlier this year.
Eighty percent were in the United States, including, it is feared, the agencies responsible for the United States’ nuclear weapons arsenal. But the rest was distributed by other countries.
“This includes Canada and Mexico in North America; Belgium, Spain and the United Kingdom in Europe; and Israel and the United Arab Emirates in the Middle East, ”Smith said. “It is certain that the number and location of the victims will continue to grow.”
Russian hacker groups are often linked to the country’s intelligence agencies, and US officials have privately blamed the attack on Cozy Bear, a group accused of trying to steal the secrets of the coronavirus vaccine earlier this year. .
The attack occurred when a popular updated IT network management tool called Orion, made by SolarWinds, was compromised starting in March of this year. About 18,000 customers installed the compromised update, many of whom were from the US federal government.
Of these, the attackers selected at least 40 for further exploitation, including the US Department of the Treasury and the US Department of Commerce, where the emails are believed to have been read, and the National Telecommunications and Information Administration.
Microsoft said it was able to map part of the impact of the SolarWinds attack because customers used it to help use their antivirus software. He admitted that he was also a victim of the attack, although he said he had not found “evidence of access to production services or customer data.”
It emerged overnight that the US National Nuclear Security Administration, which maintains the US arsenal of nuclear weapons, had evidence that hackers accessed their networks. The NNSA also supplies nuclear technology to the UK.
The FBI is expected to hold a classified briefing for members of Congress on Friday about the growing impact of the attack, which is potentially the most serious the US government has faced in its history.
Smith said the attack represented “a comprehensive and successful spy-based assault on both the confidential information of the United States government and the technological tools used by companies to protect them.”
But it also had global ramifications, he said, creating a vulnerability in the technology supply chain “of near global importance, reaching several major national capitals outside of Russia.”
A map produced by Microsoft showed where hackers’ malware had been picked up by users of its Microsoft Defender antivirus software, with evidence of penetration in a variety of countries, including China, but excluding Russia.
“This is not ‘spy business as usual’, even in the digital age. Rather, it represents an act of recklessness that created a serious technological vulnerability for America and the world, ”Smith said.
Russia denies responsibility for the attack. in a statement posted on Facebook This week, the Russian Foreign Ministry described the allegations as “another baseless attempt” by the US media to blame Russia for the cyberattacks against US agencies.
On Thursday, President-elect Joe Biden said the United States needed to “better disrupt and deter our adversaries” and said he looked forward to working closely with “allies and partners” to prevent Russian attacks.
This marked a change of tone from the outgoing administration of Donald Trump. Trump was reluctant to criticize the Kremlin and its spy agencies, which were accused of hacking and leaking the content of the Democratic Party email server in the run-up to the 2016 election campaign.
Microsoft called on the incoming Biden administration to improve cybersecurity intelligence sharing across the US government and among US allies.
He also requested that the new president appoint a national cybersecurity director. The highest-ranking individual previously responsible, Chris Krebs, was fired by Trump as director of the Cybersecurity and Infrastructure Security Agency in November after he rejected the president’s election conspiracy theories.
This week Jeremy Fleming, director of the UK spy agency GCHQ, said the organization was “working in step” to understand what the implications of the SolarWinds attacks were for the British government and private companies. There has not been a substantial update on it.
Digsmak is a news publisher with over 12 years of reporting experiance; and have published in many industry leading publications and news sites.