Posted on February 20, 2021 at 11:03 PM
Microsoft has completed its investigation of the SolarWinds attack. According to the tech giant, the threat actors behind the attack didn’t have access to customer data.
However, they succeeded in downloading part of the source code for three Microsoft products – Azure, Exchange services, and Intune.
Microsoft also said it found no evidence that the threat actors used any compromised Microsoft service to attack any customer.
The company started its investigation in December after one of the most sophisticated cyber-attacks in U.S. history. Microsoft also said it saw unsuccessful attempts by the threat actors in January, but the attempts have since stopped.
The network breach was a severe, wide-ranging hack of the popular Orion network-management software from SolarWinds.
The hackers later sent malicious updates to thousands of customers. Afterward, they used the updates to breach about 100 private firms and nine major federal agencies.
Actors backed by the Kremlin
According to investigations by U.S. agencies, the threat actors were probably backed by the Kremlin.
The Microsoft report revealed that the first viewing of a file in the source code repository happened in November last year.
Microsoft also said it discovered several attempts by the hackers to gain access to the files.
The tech giant also said that only a few files were affected and that a significant part of the source code was unaffected.
For the files affected, some additional access codes were affected.
The report also revealed that the threat actors appeared to be interested in secrets hidden in the source code and not in anything else.
Microsoft added that its development policy does not allow any secrets in code and that it uses automated tooling to verify compliance.
“We thereby confirm that the repositories complied and didn’t have any live or production credentials,” Microsoft reiterated.
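Microsoft's statement rests on automated checks that no live credentials are committed to source. As an added illustration (not Microsoft's tooling, and not from the report), the following Python scanner flags publicly documented credential shapes and high-entropy literals assigned to secret-looking names, while skipping placeholders and environment lookups; the patterns, the entropy threshold and the sample source lines are assumptions constructed for this example.

```python
import math
import re
from typing import List, NamedTuple

class Finding(NamedTuple):
    line_no: int
    rule: str
    snippet: str

# Fixed credential shapes (publicly documented formats) that never belong in a repository.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "azure_storage_account_key": re.compile(r"AccountKey=[A-Za-z0-9+/]{20,}={0,2}"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# Literal assignments to secret-looking names; the assigned value gets an entropy check.
ASSIGNMENT = re.compile(r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]")

# Values that are placeholders or template variables rather than live credentials.
PLACEHOLDERS = re.compile(r"(?i)^(<[^>]+>|\$\{[^}]+\}|changeme|example|dummy|x{3,})$")

def shannon_entropy(s: str) -> float:
    # Bits per character: random secrets score high, dictionary words score low.
    if not s:
        return 0.0
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def scan_source(text: str, entropy_threshold: float = 3.5) -> List[Finding]:
    # One Finding per rule per line that looks like it carries a committed secret.
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding(line_no, rule, line.strip()))
        m = ASSIGNMENT.search(line)
        if m and not PLACEHOLDERS.match(m.group(2)) and shannon_entropy(m.group(2)) >= entropy_threshold:
            findings.append(Finding(line_no, "high_entropy_" + m.group(1).lower(), line.strip()))
    return findings

# Constructed sample source: every value below is fabricated for this example.
SAMPLE = """\
password = os.environ["DB_PASSWORD"]
api_key = "<YOUR_API_KEY_HERE>"
aws_key = "AKIAEXAMPLE0000EXAMP"
conn = "DefaultEndpointsProtocol=https;AccountName=demo;AccountKey=Q29uc3RydWN0ZWRTYW1wbGVLZXlOb3RSZWFsMTIzNDU2Nzg5MA==;"
token = "xK9#mQ2$vL7pR4wZ8nT1yB6c"
"""
```

Running `scan_source(SAMPLE)` reports the AWS key, the storage account key and the high-entropy token (lines 3 to 5) and passes the environment lookup and the angle-bracket placeholder, which is the distinction a pre-commit or CI check needs to make.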
The hacking activity began in October 2019, when the hackers took advantage of the SolarWinds software to carry out a test run.
However, the campaign continued until December when the FireEye security team discovered the breach.
SolarWinds attacks affected several organizations
After FireEye revealed the incident, some affected companies started revealing that they were impacted.
Some of the organizations affected include Mimecast, Malwarebytes, and U.S. agencies such as the Department of Homeland Security and the Departments of the Treasury, Commerce, and Energy.
Microsoft said the attacks highlighted two major areas it wants to emphasize – protecting privileged credentials and embracing a Zero Trust mindset.
Microsoft asks organizations to beef up security
Microsoft has also released an advisory and guidance for companies to use Zero Trust principles when protecting their systems against critical attacks like Solorigate.
Zero Trust uses all available data and signals to verify the security status of users, networks, and endpoints before granting access.
The company also said it is vital to protect credentials. Delegating trust to on-premises components is a particular risk, especially in deployments that link on-premises infrastructure to the cloud.
That is because, if the on-premises environment is compromised, that trust opens the door for threat actors to move on to the cloud services. Microsoft has therefore also recommended mastering identity in the cloud.
Other security agencies have also advised organizations on the best ways to protect their systems against attacks. They have stressed the need for multi-factor authentication, especially for organizations that let users log into a portal. With this type of authentication, it becomes much harder for hackers to pass all the security checks and compromise networks.
Microsoft said it relied on layered, in-depth security controls while investigating the SolarWinds hacking incident. The company said the attack could have affected its systems if its cybersecurity personnel had not spotted the attempts in time.
As a result, Microsoft is reiterating the importance of security best practices for all organizations that want to protect their data and networks from threat actors.