Microsoft says it has identified more than 40 customers that were targeted in athis week.
The software giant said in a company blog post Thursday that 80% of those customers are in the US, while the others are located in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
“It’s certain that the number and location of victims will keep growing,” Microsoft chief counsel Brad Smith wrote in the post, adding that Microsoft’s investigations found the cyberattack to be ongoing and “remarkable for its scope, sophistication and impact.” The list of targets includes government agencies as well as security and other technology firms and nongovernmental organizations.
Revelations emerged this week that several US government agencies had been breached in a suspected Russian hack enabled by a backdoor built into software from Austin-based IT firm SolarWinds. The malware was delivered on SolarWind’s Orion software, which is installed by more than 17,000 customers, Smith wrote, adding that the attacked reached “many major national capitals outside Russia” and “illustrates the heightened level of vulnerability in the United States.”
Earlier Thursday, Microsoft said its systems were exposed to the attack as well. Microsoft found malicious code related to the attack “in our environment, which we isolated and removed,” spokesman Frank Shaw said in a statement posted to his personal Twitter account.
Shaw also denied a Reuters report Thursday that Microsoft’s systems had been used to attack other victims.
“We have not found evidence of access to production services or customer data,” Shaw wrote. “Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”
News of the massive campaign broke over the weekend with the revelation thatat the US Treasury and Commerce departments. The hack was spotted a few weeks ago “only when a private cybersecurity firm, FireEye, alerted American intelligence that the hackers had evaded layers of defenses,” according to The New York Times.
The access point was apparently SolarWinds’ Orion network management software. Once hackers added a backdoor to the Orion code, the “software connected to a server controlled by the hackers that allowed them to launch further attacks against the SolarWinds customer and to steal data,” The Wall Street Journal reported earlier this week.
CNET’s Eli Blumenthal contributed to this report.