(CNN) – Microsoft identified more than 40 of its customers around the world who had problematic versions of a third-party IT management program installed and who were the specific target of the alleged Russian hacking campaign announced this week, the company said in a post. blog on Thursday.
The tech company said 80% of those victims are in the US, with the rest in seven other countries: Mexico, Spain, Canada, Belgium, the UK, Israel and the United Arab Emirates.
“It is a certainty that the number and location of victims will continue to grow,” said Microsoft president Brad Smith, adding that the company has been working to notify affected organizations.
Hacking campaign
Microsoft’s analysis represents the clearest and most specific assessment yet of the magnitude of the damage caused by the hacking campaign, which was carried out in secret through a third-party software program sold by SolarWinds, an IT management company. .
The software that delivered the alleged Russian malware, SolarWinds Orion, has as many as 18,000 global customers, including government agencies, private companies and other organizations. Microsoft said on Thursday that the attack “reached many major national capitals outside of Russia.”
“Unfortunately, the attack represents an extensive and successful attack on espionage, both on the confidential information of the US government and the technological tools that companies use to protect it,” Smith wrote. “The attack is underway and cybersecurity teams from the public and private sectors, including Microsoft, are investigating and actively addressing it.”
Microsoft worked as a research partner for cybersecurity firm FireEye, which is also a victim and issued the first warning about the supply chain attack.
Previously, FireEye also identified victims in a variety of industries and countries, including government, consulting, technology, telecommunications and extractive agencies in North America, Europe, Asia, and the Middle East.
Microsoft acknowledges it has also been compromised
At the beginning of Thursday, Reuters reported that Microsoft was also compromised. The company said it has “isolated and removed” a vulnerability in its systems associated with third-party software that enabled an alleged Russian hacking campaign.
Updates to the software sold by SolarWinds have been used to carry malicious code that US officials believe can be linked to Russia. That software was found on Microsoft’s network, the company said in a statement Thursday evening.
The statement marks Microsoft’s first public acknowledgment that, in addition to investigating malware, it was also a victim.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we have detected malicious Solar Winds binaries in our environment, which we have isolated and removed,” the statement said.
Microsoft has found no evidence that an actual data breach has occurred or that attackers have exploited access to it, the company added. The company rejected a Reuters report that suggested Microsoft products had been used to endanger other victims.
“Our ongoing investigations have revealed absolutely no evidence that our systems were being used to attack others,” Microsoft said.