Microsoft has managed to identify more than 40 victims of the Solorigate / SUNBURST malware, the firm claims.
Using data collected from its free Windows Defender cybersecurity tool, it found that while infected US government agencies may be the most headline-grabbing victims, they represent only a small portion of affected organizations.
The majority of the companies are tech firms that develop software and manufacture hardware. Even Microsoft itself fell prey to the malware, it confirmed, but managed to contain the threat before it could reach production systems and impact customers and end-users.
Most victims (80 percent) are based in the US, with the remaining 20 percent scattered among Canada, Mexico, Belgium, Spain, the UK, Israel, and the UAE. Microsoft also said that despite the news of the breach going public, malware operators are still trying to infect new businesses, and are using existing infiltrations to deploy stage-two payloads.
The cyberattack, which has been described as the most destructive of the year, was first spotted by security experts at FireEye. They noticed that the latest update for Orion, a SolarWinds network monitoring tool for large enterprises, was corrupted and carried a malicious payload. This update was allegedly downloaded by 18,000 organizations.
While we still don’t have official confirmation of who is behind the attack, fingers are being pointed at APT29, which is believed to be a Russian, state-sponsored hacking group.
SolarWinds was allegedly breached through a compromised Office 365 account.