Russian Hackers Accessed Microsoft Users’ Accounts By Guessing Passwords In SolarWinds Cyberattack, Investigators Say

Thomas Catenacci, Energy & Environment Reporter, Daily Caller News Foundation

The suspected Russian hackers behind a cyberattack against U.S. individuals, entities and government agencies were able to access servers by guessing passwords, investigators said.

The cyberattack, originally traced back to software made by SolarWinds, is now believed to extend much farther than originally thought, according to investigators, The Wall Street Journal reported. Hackers are now believed to have accessed Microsoft cloud infrastructure and investigators estimate that 30% of the victims targeted in the attack had no connection to SolarWinds.

“This adversary has been creative,” Cybersecurity and Infrastructure Security Agency Acting Director Brandon Wales told the WSJ. “It is absolutely correct that this campaign should not be thought of as the SolarWinds campaign.”

The cyber intruders were able to access online accounts, in part, by guessing users’ passwords, according to the WSJ. They were also able to exploit bugs in software and issues in cloud-based software from Microsoft, the world’s largest business software provider.

Cybersecurity firm Malwarebytes Inc. recently said many of its own Microsoft cloud accounts were compromised in the cyberattack, the WSJ reported.

Cybersecurity officials testify during a Senate Homeland Security and Governmental Affairs Committee hearing in December. (Greg Nash/Pool/Getty Images)

U.S. authorities have blamed the Russian government for the months-long attack, which reportedly began in July and was detected by the cybersecurity firm FireEye in December, the WSJ reported.

The massive cyberattack was conducted using servers and computers within the U.S. and often from within the same town or city as the victims of the attack, according to FireEye. Because the attack came from domestic servers, the perpetrators were able to evade the National Security Agency’s authority, which does not extend to domestic private-sector networks.

It is expected that Russian actors accessed about 250 U.S. networks, including Fortune 500 companies and several government agencies such as the Department of Homeland Security, the Treasury Department and the National Nuclear Security Administration, according to The New York Times.

In addition, roughly 3% of the Department of Justice’s email accounts were accessed during the hack, the department said in a press release on Jan. 6.

“We still don’t know what Russia’s strategic objectives were,” Suzanne Spaulding, a former DHS cybersecurity official, told the NYT.

“But we should be concerned that part of this may go beyond reconnaissance,” she continued. “Their goal may be to put themselves in a position to have leverage over the new administration.”

President Joe Biden has promised to make cybersecurity a top priority in response to the attack.
