Microsoft was hacked by the same group that compromised the networks of software maker SolarWinds and multiple federal agencies, Reuters reported, citing people familiar with the matter.
Citing the same people, the news service said that Microsoft’s own products were then used in follow-on hacks on others. It wasn’t immediately clear how many Microsoft users were affected or what Microsoft products were used. Microsoft representatives weren’t immediately available for comment.
Microsoft is just one of the recent additions to a rapidly growing list of victims in the wide-ranging and advanced hack that reportedly had the backing of the Russian government. Politico reported that the US Department of Energy and the National Nuclear Security Administration had evidence the same hackers accessed their networks. Bloomberg News said that three unidentified US states were hacked in the same campaign. The Intercept, meanwhile, said the hackers had been inside the city of Austin, Texas, for months.
The rapidly unfolding revelations further underscore the skill, discipline, and resources the hackers had at their disposal. In an alert issued earlier on Thursday, the Cybersecurity Infrastructure and Security Agency said the hacks posed a “grave risk”to US governments at all levels.
New details are likely to become available in the next hours. This story will be updated as warranted.