Microsoft has said the UK and six other countries outside the US have been affected by a suspected Russian hacking attack that US authorities have warned poses a grave risk to government and private networks.
Brad Smith, Microsoft's chief legal counsel, said the company had uncovered 40 customers, including government agencies, think tanks, NGOs and IT companies, that were "targeted more precisely and compromised" after the hackers had gained initial access earlier this year.
Some 80 per cent were in the US, including, it is feared, agencies responsible for the US nuclear weapons stockpile. But the remainder were spread out across other countries.
“This includes Canada and Mexico in North America; Belgium, Spain and the United Kingdom in Europe; and Israel and the UAE in the Middle East,” Mr Smith said. “It’s certain that the number and location of victims will keep growing.” Known British victims are currently small in number and security sources indicated do not include any public sector organisations. However, checks are ongoing, partly because the sophistication of the hack makes it unclear who may have been affected.
Russian hacker groups are often linked to the country’s intelligence agencies, and US officials have privately blamed the attack on Cozy Bear, a group accused of trying to steal coronavirus vaccine secrets earlier this year.
The attack appears to have started when an updated popular IT network management tool called Orion, made by SolarWinds, was compromised from March this year. About 18,000 customers installed the compromised update, many of whom were in the US federal government. Of these, at least 40 were then selected by the attackers for further exploitation, including the US treasury and department of commerce, where emails are thought to have been read, and the National Telecommunications and Information Administration.
The hackers' intention appears to have been a "high-end espionage operation" according to security sources, designed to steal government and military secrets. Information is not thought to have been destroyed, although the assessment is ongoing. It emerged overnight that the US National Nuclear Security Administration, which maintains the US nuclear weapons stockpile, had evidence that hackers accessed its networks. – Guardian service