Earlier this week, we reported on Microsoft acting against a malware attack on the SolarWinds app Orion. Microsoft Defender was equipped to quarantine malicious binaries related to the Solorigate (SUNBURST) attack. Since then, the problem continues to escalate and now Microsoft President Brad Smith is issuing a warning.
According to Smith, the attack on the SolarWinds Orion IT app is a wide-ranging problem and is “ongoing”. Microsoft's chief lawyer also adds it is “an attack that is remarkable for its scope, sophistication and impact.”
All fingers are pointing to a Russia-backed threat group that placed malware on the SolarWinds Orion application. This app is used by SolarWinds users for network monitoring purposes. The company later confirmed the app versions 2019.4 to 2020.2.1 were breached with the Solorigate malware.
Microsoft worked with other tech companies to seize and take down a domain that was crucial in the breach. The site, avsvmcloud.com was a server for the Solorigate malware, and sent the infection to nearly 18,000 Orion users.
Smith says the attack is a “moment of reckoning” and says this is a very serious hack with wide consequences. He says it “represents an act of recklessness that created a serious technological vulnerability for the United States and the world”.
Adding to the gravity of the situation, the executive says this “is not just an attack on specific targets, but on the trust and reliability of the world's critical infrastructure in order to advance one nation's intelligence agency.”
“The weeks ahead will provide mounting and we believe indisputable evidence about the source of these recent attacks,” according to Smith.
Microsoft's president also says the company has notified 40 customers that have been a target of the attack. 80 percent are from the United States, but there are also targets in Mexico, Canada, Spain, Israel, and the United Kingdom.
In initial response to the malware, Microsoft beefed up its Microsoft Defender tool with protocols to detect the solarigate malware. After realizing simply sending alerts was not enough, the company added a quarantine measure into the software.
Tip of the day:
Did you know that as a Windows 10 admin you can restrict user accounts by disabling settings or the control panel? Our tutorial shows how to disable and enable them via Group Policy and the registry.