Microsoft has located victims of the breach in North America, Europe and the Middle East. Credit: Solarseven / Getty Images Victims of the SolarWinds breach include organisations in the UAE and Israel in addition to entities in North America and Europe, according to Microsoft. More than 40 Microsoft customers that use the SolarWinds’ Orion network and applications monitoring platform have been compromised, according to a blog post by Microsoft President Brad Smith. Microsoft detected the breach based on telemetry from its Defender security software, among customers that use that product as well as the Orion platform, Smith said. While 80% percent of those customers are in the US, others are located in Canada, Mexico, Belgium, Spain, the UK, in addition to the UAE and Israel, according to Smith. Microsoft said, however, that it found no evidence of access to its own production services, and no indication that its systems were used to attack others. Though Smith did not identify any of the customers, he said that the list of victims discovered so far include government entities, technology and security companies, and NGOs (nongovernmental organisations). A hacker group widely believed to be Cozy Bear, affiliated with the Russian government, gained access to the Orion software and then used that breach to distribute updates to the product that included a trojan programme dubbed SUNBURST. This allows the attackers to circumvent security and install various other malware. SolarWinds says that it has 33,000 Orion customers. The company said that customers should upgrade to Orion Platform version 2020.2.1 HF 1 as soon as possible. “SolarWinds was the victim of a cyberattack to our systems that inserted a vulnerability (SUNBURST) within our Orion Platform software builds for versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1, which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run,” the company said in a security alert. The company said it is has not seen evidence that non-Orion product were compromised. The wide-ranging breach is a so-called supply chain attack, one in which hackers breach systems by first compromising third-party software that has access to those systems. In his blog post, Smith urged international cooperation to address the growing cybersecurity threats. “We need to take a major step forward in the sharing and analysis of threat intelligence,” Smith said. “We need to strengthen international rules to put reckless nation-state behavior out of bounds and ensure that domestic laws thwart the rise of the cyberattack ecosystem.” Related content brandpost How an Indian real-estate juggernaut keeps growing by harnessing the power of zero A South Indian real-estate titan is known for the infinite variety and impressive scale of its projects, but one of its most towering achievements amounts to nothing literally. By Michael Kure, SAP Contributor May 31, 2023 5 mins Digital Transformation brandpost Hybrid working: the new workplace normal IT leaders discuss how a more broadly dispersed workforce impacts device deployment, connectivity, and the employee experience, even as more workers return to the office. By Michael Krieger May 31, 2023 5 mins Remote Work opinion Can you spot the hidden theme of CSO’s Future of Cybersecurity summit? By Beth Kormanik May 31, 2023 2 mins Events Cybercrime Artificial Intelligence case study How IT leaders use EV tech to fuel the transport revolution in Kenya Many African nations are starting to invest in electric vehicle (EV) transportation as a means to broaden access and help keep pace with global environmental initiatives. In Kenya, strides are being made despite industry and tech leaders grappling to By Vincent Matinde May 31, 2023 5 mins CIO CTO Emerging Technology Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe