According to the Washington Post, the alleged attack took place via a Microsoft corporate partner, which handles cloud-access services. The hackers have also reportedly stolen emails from a private company, which the media outlet did not name.
"We have still not identified any vulnerabilities or compromise of Microsoft product or cloud services", Jeff Jones, Microsoft’s senior director for communications, was quoted as saying by the newspaper.
The attack against US companies and government institutions has become one of the most large-scale cybersecurity incidents over the past months. The hackers reportedly got access by compromising the Texas-based SolarWinds company that provides remote information technology services. The company said on Thursday it was subject to a " very sophisticated supply chain attack".
In mid-December, reports emerged that hundreds of US federal government entities and companies had been targeted by a massive cyberattack, which was instantly blamed on a foreign actor by US media.
The Washington Post, in particular, claimed that a hacking group with links to Moscow was behind intrusions but provided no evidence to back the allegation. Kremlin spokesman Dmitry Peskov has refuted claims of a recent cyberattack on US government agencies.