Microsoft is aware of a sophisticated supply chain attack that has targeted a variety of victims over the past year. The attack utilizes malicious SolarWinds files that possibly gave cybercriminals access to some victims’ networks. Microsoft cybersecurity experts are investigating the attack to help ensure that Microsoft customers are as secure as possible.
Microsoft is aware of a sophisticated attack that utilizes malicious SolarWinds software. On December 17, 2020, Brad Smith posted a blog sharing the most up to date information and detailed technical information for defenders.
As this is an ongoing investigation, Microsoft cybersecurity teams continue to act as first responders to these attacks. We know that customers and partners will have ongoing questions and Microsoft is committed to providing timely updates as new information becomes available. We will make updates through our Microsoft Security Response Center (MSRC) blog at https://aka.ms/solorigate.
Microsoft 365 Defender and Microsoft Defender for Endpoint customers should review the Threat Analytics article within the Defender console (sign-in is required) for information about detection and potential impact to their environments.
Microsoft Defender antivirus and Microsoft Defender for Endpoint have released protections for the malicious SolarWinds software and other artifacts from the attack.