In a blog post on Thursday, Microsoft said it identified more than 40 organizations that were targeted by attackers using “sophisticated measures.”
Most victims of the attack (80 percent) were located in the U.S. The other targeted groups were spread across seven other countries: Canada, Mexico, Belgium, Spain, the U.K., Israel, and the United Arab Emirates. Microsoft said it has started working with the groups identified as victims.
Those affected were running problematic versions of a third-party software platform called SolarWinds Orion. Hackers were able to escalate intrusions with additional, second-stage payloads. Microsoft said it discovered the intrusions using data from its Microsoft Defender antivirus product, which is built into all Windows installations.
"It's a certainty that the number and location of victims will keep growing," said Microsoft President Brad Smith.
Microsoft itself was among those targeted by hackers, but the company denied claims that its production systems were compromised or that the attack affected its business customers and end-users.
"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed," the statement said.
Microsoft said the attack “represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them.”
The company said the attack is being “actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft." Smith said it’s become clear that stronger international rules are needed to help prevent future attacks of this magnitude.
“The defense of democracy requires that governments and technology companies work together in new and important ways – to share information, strengthen defenses and respond to attacks,” he wrote. “As we put 2020 behind us, the new year provides a new opportunity to move forward on all these fronts.”