Microsoft Corporation (MSFT) acknowledged that it has found similar malicious code within its own internal systems to that which state-sponsored hackers from Russia allegedly have used to infect Orion software from SolarWinds Corporation (SWI). However, Microsoft asserts that it has contained and removed the problem, and that, contrary to speculation in initial press reports, its own products and customers have not been affected.
- Microsoft has found malicious code from the hack on SolarWinds Corp.
- The tech giant claims to have isolated and removed this code from its systems.
- It also asserts that its customers have not been harmed.
- Microsoft is taking a leading role in joint efforts to combat the malware.
- Microsoft's president issued a lengthy call to action on cybersecurity.
Statement From Microsoft
The Reuters report that suggested a possible impact on Microsoft customers from the SolarWinds breach stated: "It was not immediately clear how many Microsoft users were affected by the tainted [SolarWinds] products."
In response, Frank X. Shaw, the corporate vice president of communications at Microsoft, issued this statement on Twitter: "Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries [i.e., code] in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others."
The SolarWinds Hack
SolarWinds is a major developer and seller of software that large businesses and government agencies use to manage their networks, systems, and information technology infrastructure. The breach being attributed to state-sponsored Russian hackers affects the Orion platform developed by SolarWinds, which counts many U.S. federal agencies and Fortune 500 corporations, including Microsoft, among its users.
The first compromise of Orion has been traced to March 2020, and roughly 18,000 customers may have received malicious code. For its part, Microsoft reportedly is taking a leading role in a collaborative effort to neutralize the malicious code.
Meanwhile, private equity firms Silver Lake and Thoma Bravo reportedly sold SolarWinds shares worth $158 million and $128 million, respectively, on Dec. 7, 2020, six days before news of the breach became public. These firms collectively own about 70% of SolarWinds shares and control six board seats. An investigation by the U.S. Securities and Exchange Commission (SEC) into possible illegal insider trading by these firms is likely to result.
Significance for Investors
In response to the Reuters story, which broke after the market close on Dec. 17, 2020, Microsoft stock recorded a modest dip of just under 1% in after-hours trading. However, it subsequently recovered much of the lost ground after Microsoft spokesman Frank X. Shaw issued his assurances.
If Microsoft is correct in its assertion that its systems have been cleaned up and that its customers are not at risk, there should be no negative impact. Nonetheless, the situation is fluid and in its early stages.
Microsoft Issues Cybersecurity Call to Action
Microsoft President Brad Smith issued a lengthy, detailed statement in the wake of the news reports about the SolarWInds hack and its possible impacts on Microsoft. Among his chief points are: "The past 12 months have produced a watershed year with evolving cybersecurity threats on three eye-opening fronts ... the continuing rise in the determination and sophistication of nation-state attacks ... the growing privatization of cybersecurity attacks through a new generation of private companies, akin to 21st-century mercenaries ... the intersection between cyberattacks and COVID-19 itself."
Regarding COVID-19, Smith noted: "After a brief lull in March, cyberattackers took aim at hospitals and public health authorities, from local governments to the World Health Organization (WHO) ... Microsoft security teams identified three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19."
Smith urges: "Put simply, we need a more effective national and global strategy to protect against cyberattacks ... First, we need to take a major step forward in the sharing and analysis of threat intelligence ... Second, we need to strengthen international rules to put reckless nation-state behavior out of bounds and ensure that domestic laws thwart the rise of the cyberattack ecosystem ... Finally, we need stronger steps to hold nation-states accountable for cyberattacks."
In November 2020, Microsoft named veteran cybersecurity executive Christopher Young to head business development. It is possible that this move heralded a strategic initiative to make Microsoft an even bigger player in cybersecurity, and recent events may make this an even bigger imperative.