The tech company said that 80% of those victims are in the US while the rest are in seven other countries: Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
“It’s a certainty that the number and location of victims will keep growing,” said Microsoft President Brad Smith, who added that the company has worked to notify the affected organizations.
Microsoft’s analysis represents the clearest and most specific assessment yet of the scope of the damage caused by the hacking campaign, which was secretly conducted through a third-party software program sold by SolarWinds, an IT management firm.
The software that the suspected Russian malware was delivered with, SolarWinds Orion, has as many as 18,000 global customers, including government agencies, private companies and other organizations. Microsoft said Thursday that the attack “reached many major national capitals outside Russia.”
“The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them,” Smith wrote. “The attack is ongoing and is being actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft.”
Microsoft has been working as an investigative partner to cybersecurity firm FireEye, which is also a victim and issued the first warning about the supply chain attack.
Previously, FireEye also identified victims across several sectors and countries, including government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.
Earlier Thursday, Reuters reported that Microsoft had been compromised as well. Microsoft did not comment on that assertion but told CNN the company was looking into it.