Russian state-sponsored hackers breached SolarWinds and used their auto-update mechanism to distribute a backdoor to clients. Microsoft has confirmed that they were hacked in the recent solarWinds attacks but denied that their software was compromised in a supply-chain attack to infect customers. The attack reached the infrastructure of approximately 18,000 customers, including the U.S. Treasury, US NTIA, and the US Department of Homeland Security. Microsoft has not found evidence of access to production services or customer data.
Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-breach-in-solarwinds-hack-denies-infecting-others/