Sean Kilpatrick/The Canadian Press
Microsoft president Brad Smith said in a blog late Thursday that his company was hacked in connection with the attack on SolarWinds and that Canada was also hit.“While roughly 80 per cent of these customers are located in the United States, this work so far has also identified victims in seven additional countries,” Mr. Smith said. “This includes Canada and Mexico in North America; Belgium, Spain and the United Kingdom in Europe; and Israel and the UAE in the Middle East.
“While this situation remains ongoing, the Canadian Centre for Cyber Security is actively engaged with our government and non-government partners sharing cybersecurity advice and guidance, mitigation, and operational updates,” CSE spokesperson Evan Koronewski said in an e-mail. Shared Services Canada, which manages the majority of Ottawa’s IT infrastructure, said that at this point, none of the SolarWinds platforms and products used by the government have been affected by the incident.
CISA has not said who it thinks is the “advanced persistent threat actor” behind the “significant and ongoing” campaign, but many experts are pointing to Russia.