Like with the cyberattack of SolarWinds, hackers infiltrated Microsoft products and then went after others, Reuters said, citing people familiar with the matter. According to the story, it's not immediately clear how many Microsoft users were affected.
It's a troubling look for Microsoft, which has been beefing up its own security offerings, including in its Office 365 productivity software suite. The stock fell about 0.7% after the report.
Microsoft has taken steps to help secure its customers in the days since SolarWinds confirmed the attack, which was first reported by Reuters on Sunday.
Several U.S. government agencies have been breached in the attack, which impacted updates to SolarWinds' Orion software. Microsoft counts U.S. government agencies, including the Department of Defense, as Office 365 customers. A page that has been removed from SolarWinds' website identified Microsoft as a SolarWinds customer.
"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed," Frank Shaw, Microsoft's corporate vice president in charge of communications, said in a statement he posted on Twitter. "We have not found evidence of access to production services or customer data."