The head of Microsoft said on Thursday that the Russian hacking campaign torn up by the US government had nullified more than 40 organizations. The campaign, which US officials believe is the work of Russian intelligence, began at least early on March, Which was only discovered last week, and has been broken into several federal systems. A multi-company report this week described it as “Is going on, ”Opens the question of how many companies were compromised and Microsoft Russian hacking how bad they were.
Microsoft was the first company to provide a comprehensive estimate of how widespread the hack is. While the company does not have total visibility in the hacking campaign, it does have significant insights into the use of Windows and its antivirus software, Defender, by governments and companies.
While many of the victims are government agencies, companies that contract with governments or think tanks and information and technology companies are often the victims, Microsoft found.
The breadth of the campaign is an obvious question because it had the potential to affect a wide range of victims.
Hackers were able to break into companies by entering Solar Winds, a relatively obscure technology company based in Austin, Texas, which considers many U.S. government agencies and large corporations as customers. In March, hackers were able to send poisonous software updates to all Solar Winds customers who used versions of its popular Orion operating system, which set foot on victims’ systems.
However, experts and US officials widely relied on Microsoft Russian hacking to allocate resources only for hacking and stealing information from the list of the most targeted organizations.
In an earlier interview, Dmitry Alberovich, co-founder of the cybersecurity firm Credstrike and head of the Silverado Policy Accelerator, said that the intelligence agency could not fully exploit many victims and instead address more valuable goals. .
“The good news here is that if you want to search for a silver lining, no intelligence has enough manpower to go behind everyone,” Alberovich said Monday.
“It simply came to our notice then. The bad news is, they had the best nine months to do cherry-pick. “
Department of Commerce and Energy and cybersecurity firm FireE, which first reported. Solar Winds is a maintained List Of the more than 100 major government and business clients on its website, it deleted the page on Monday.
Kevin Collier is a reporter for NBC News covering Internet Security, Privacy and Technology Policy. Rich Cordella and Ken Dylanian Contributed.