Microsoft Notifies Over 600 Companies They Were Targeted in 23,000 Cyber Intrusion Attempts
10:47 GMT 25.10.2021 (Updated: 13:24 GMT 25.10.2021)
The last time the company reported a massive attack on its customers was in 2020, detecting numerous hacking attempts via several vulnerabilities in its products, specifically in the Microsoft Office package. US authorities later suggested that Russia or China might be responsible for the attack, but did not present any direct proof.
Microsoft recently notified some 600 organisations about 23,000 cyber intrusion attempts into their computer systems, The New York Times has reported. One of the tech giant's top security officers, Tom Burt, told the newspaper that there is an organised hacking effort that is "very large, and it is ongoing". Microsoft claims that only a small percentage of the breach attempts were successful, but did not provide any numbers to assess the damage done.
The attackers did not attack the tech giant or the organisations' networks directly, but instead targeted resellers – companies that customise access to Microsoft's cloud services. These companies have high-level access to the customised storage they provide to their customers, and hence infecting their networks could open up a path for hackers too. A similar approach was used in the massive SolarWinds hack in 2020.
"[Hackers are] attempting to replicate the approach it has used in past attacks by targeting organisations integral to the global information technology supply chain", Burt said.
At the same time, the newspaper cited anonymous government officials as claiming that the hacking effort "seemed to come" from the SVR – Russia's foreign intelligence agency – and to have targeted the data of the government agencies, corporations, and think tanks stored in the cloud. The NYT's government sources did not elaborate on what evidence led them to believe that Russian intelligence was behind the multiple breach attempts.
However, the government sources noted that they're treating the ongoing hacking effort as the "routine spying" that major countries conduct on each other. They reportedly said that should these attacks prove to be successful, Microsoft and other software providers will bear much of the blame. One official added that the current wave of attacks is an "unsophisticated, run-of-the-mill operation".
"We can do a lot of things, but the responsibility to implement simple cybersecurity practices to lock their — and by extension, our — digital doors rests with the private sector", one official reportedly said.
The reports of breach attempts come almost a year after a scandal involving hacker attacks in 2020 on a number of US government agencies and companies around the world, executed via vulnerabilities in Microsoft products and via a supply chain attack on the software company SolarWinds. The latter apparently resembles the current hacking attempt, as the attackers infected builds of SolarWinds' software, Orion, supplying infected patches to hundreds of its clients and thus opening backdoors in their computer systems.
When the hack became known, US authorities rushed to blame Russian intelligence for the attack, while failing to provide evidence to back up the claim. Then-US President Donald Trump, however, suggested it could have been Chinese, not Russian, hackers, also failing to produce any evidence. Both Moscow and Beijing strongly denied any involvement in the attacks.