icrosoft was breached in the massive suspected Russian campaign that has hit multiple U.S. government agencies, including those responsible for maintaining America’s nuclear weapons stockpile, the company has confirmed.
The sprawling attack, which targeted critical government infrastructure using a Trojan horse hidden in network management software from SolarWinds Corp, also compromised broad swathes of the private sector, likely including most of the Fortune 500, it emerged on Thursday.
Officials say the attack went undetected for nearly nine months, allowing the hackers free range in the affected agencies and companies, and that the true scale of the stolen information may never be known.
The nation’s cybersecurity agency warned of a ‘grave’ risk to government and private networks, saying the sophisticated attack was hard to detect and will be difficult to undo.
Microsoft is one of the world’s largest technology companies, with clients across the public and private sector, and last year was awarded the $10 billion JEDI contract to run the Department of Defense’s cloud computing system.
In a statement to DailyMail.com on Thursday, a Microsoft spokesperson confirmed that it had detected and removed malicious code from the SolarWinds attack within the company, but denied that any of its products were affected.
‘We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others,’ the spokesperson said.
As well, the two agencies responsible for maintaining America’s nuclear weapons stockpile have evidence they were compromised in the attack, which also breached the Pentagon, FBI, Treasury and State Department.
‘This is looking like it’s the worst hacking case in the history of America,’ one U.S. official said on condition of anonymity. ‘They got into everything.’
The Department of Energy confirmed on Thursday that that it was among those that had been hacked.
The DOE and the National Nuclear Security Administration have begun to warn Congress that their breached networks may include the Los Alamos National Laboratory, which conducts the government’s most sensitive and advanced nuclear research, Politico reported.
The FBI was scheduled to deliver a classified briefing to Congress on Friday and the House Homeland Security Committee has launched an investigation.
The Department of Justice, FBI and Defense Department, among others, have moved routine communication onto classified networks that are believed not to have been breached, according to two people briefed on the measures.
They are assuming that the non-classified networks have been accessed.
The government also warned that network software company SolarWinds was not the only breached technology vendor that the hackers used as an attack vector, meaning agencies and companies that do not use SolarWinds are now at risk too.
Another major tech supplier was also compromised by the same attackers and used to get into high-value final targets, according to two people briefed on the matter.
DHS’s Cybersecurity and Infrastructure Security Agency urged investigators not to assume their organizations were safe if they did not use recent versions of the SolarWinds software, while also pointing out that the hackers did not exploit every network they did gain access to.
As many as 18,000 SolarWinds customers downloaded the updates that contained a back door. Since the campaign was discovered, software companies have cut off communication from those back doors to the computers maintained by the hackers.
But the attackers might have installed additional ways of maintaining access in what some are calling the biggest cyber breach in at least a decade.
‘This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks,’ CISA said in an alert.
CISA said it was continuing to analyze the other avenues used by the attackers. So far, the hackers are known to have at least monitored email or other data within the U.S. departments of Defense, State, Treasury, Homeland Security and Comm….