The US has blamed Russia for attacks carried out by SolarWinds hackers.

It was previously reported that SolarWinds hackers infiltrated Microsoft’s systems and that several source code repositories were accessed. At the time, the tech giant claimed that the hackers couldn’t modify the code or systems. In its latest report, Microsoft confirmed that the SolarWinds hackers accessed the source code of three of its products, namely Azure (its cloud computing service), Exchange (its mail and calendar server), and Intune (its cloud-based management solution).

SEE: Malwarebytes says it was also breached by SolarWinds hackers

The company now claims that the attacker could access just a small fraction of files. However, it also stated that the hackers used search terms indicating they were trying to find company secrets. Microsoft has completed its investigation and confirmed that the hackers couldn’t obtain customer data. Furthermore, the company claims that during its investigation it couldn’t find any evidence that the hackers attacked other victims using its systems.

SolarWinds - US’s Digital History’s Worst Breach

The SolarWinds saga will go down in history as the worst ever data breach. In this wide-ranging hacking spree, which began in Oct 2019 and was first reported by FireEye, the distribution system for the commonly used Orion network-management software from SolarWinds was compromised.

SEE: SolarWinds hackers hit 40 agencies including US Nuclear Agency

The attackers sent out malicious updates to Microsoft. They could have targeted around 18,000 other entities, since that many SolarWinds customers had downloaded the update. Using the updates, the hackers compromised 9 federal agencies and at least 100 private-sector organizations. The US government alleged that the hackers had the support of the Kremlin.
“While Malwarebytes does not use SolarWinds, we, like many other companies, were recently targeted by the same threat actor. The intruders compromised some internal systems by exploiting a weakness in Azure Active Directory and abused malicious Office 365 applications. We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments,” reads the post published by Malwarebytes. “After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”

On December 15, the Microsoft Security Response Center (MSRC) warned the security firm of suspicious activity from a third-party application in its Microsoft Office 365 tenant. The activity was consistent with the tactics, techniques, and procedures (TTPs) of the SolarWinds attackers. With the support of Microsoft’s Detection and Response Team (DART), Malwarebytes discovered that the attackers leveraged a dormant email protection product within its Office 365 tenant that allowed access to a limited subset of internal company emails.

The security firm explained that it does not use Azure cloud services in its production environments. Malwarebytes performed a deep investigation of its infrastructure, inspecting its source code and its build and delivery processes, and confirmed that internal systems showed no evidence of unauthorized access or compromise. This means that customers of the security firm were not impacted through its anti-malware solution.

“While we have learned a lot of information in a relatively short period of time, there is much more yet to be discovered about this long and active campaign that has impacted so many high-profile targets,” the company concludes. “It is imperative that security companies continue to share information that can help the greater industry in times like these, particularly with such new and complex attacks often associated with nation state actors.”
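The intrusion vector Malwarebytes describes, a long-unused application that still holds tenant-wide mailbox permissions, is something a defender can check for. The following added example (not code from Malwarebytes, Microsoft or Security Affairs) audits a constructed list of Azure AD service principals and flags those holding mail application roles, marking as dormant any that have not signed in recently. The flattened record shape, the `lastSignIn` field and the 90-day staleness threshold are assumptions, not a Microsoft Graph schema; the app-role names themselves are real Microsoft Graph and Exchange Online values.

```python
"""Flag Office 365 / Azure AD apps that hold mail app roles and look dormant.
Added illustration; the records, field layout and threshold are constructed."""
from datetime import datetime, timedelta, timezone

# Application permissions that grant mailbox access without a signed-in user.
# 'Mail.Read'/'Mail.ReadWrite' are Microsoft Graph app roles; 'full_access_as_app'
# is the Exchange Online app role. Other roles are out of scope for this check.
MAIL_APP_ROLES = {"Mail.Read", "Mail.ReadWrite", "full_access_as_app"}

NOW = datetime(2021, 1, 20, tzinfo=timezone.utc)  # constructed reference time

SAMPLE_SERVICE_PRINCIPALS = [  # constructed sample export (assumed flattened shape)
    {"id": "sp-mailfilter", "displayName": "Legacy email protection connector",
     "appRoles": ["full_access_as_app"], "lastSignIn": "2019-11-02T08:15:00Z"},
    {"id": "sp-helpdesk", "displayName": "Helpdesk mail bot",
     "appRoles": ["Mail.Read"], "lastSignIn": "2021-01-19T22:40:00Z"},
    {"id": "sp-dashboard", "displayName": "Reporting dashboard",
     "appRoles": ["User.Read.All"], "lastSignIn": None},
]


def _parse(ts):
    # Timestamps are ISO 8601 with a trailing 'Z'; None means the app never signed in.
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None


def audit_mail_apps(service_principals, now=NOW, stale_days=90):
    """Return one finding per app holding a mail app role, dormant ones first."""
    findings = []
    for sp in service_principals:
        roles = sorted(set(sp.get("appRoles", [])) & MAIL_APP_ROLES)
        if not roles:
            continue  # no tenant-wide mailbox access, nothing to report here
        last = _parse(sp.get("lastSignIn"))
        # Never-used apps count as dormant: nobody would notice them being abused.
        dormant = last is None or (now - last) > timedelta(days=stale_days)
        findings.append({"id": sp["id"], "displayName": sp["displayName"],
                         "mailRoles": roles, "dormant": dormant})
    # Dormant-but-privileged apps are the ones to review, re-consent or remove.
    return sorted(findings, key=lambda f: not f["dormant"])


if __name__ == "__main__":
    for f in audit_mail_apps(SAMPLE_SERVICE_PRINCIPALS):
        state = "DORMANT" if f["dormant"] else "active "
        print(state, f["id"], f["mailRoles"])
```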