The actors behind the SolarWinds campaign recently launched attacks from infrastructure inside the United States, complicating US government efforts to observe their activity.
The incident is recorded as one of the worst breaches in US history. According to a Microsoft report, some Microsoft source code was viewed and downloaded. Still, no evidence was found that the attackers were able to access production servers or customer data. The software maker also reported finding no trace of the hackers using the Microsoft compromise to attack its customers.
Microsoft discussed the findings after closing the investigation it began in December, when it learned that its network had been compromised. The intrusion was part of a wide-ranging hack that compromised the distribution system for SolarWinds' widely used Orion network-management software, which sent malicious updates to Microsoft and roughly 18,000 other customers.
The White House said the hackers used those updates to compromise nine federal agencies and about 100 private-sector companies. The federal government also assessed that the hackers were, in all likelihood, backed by the Kremlin.
The report states: “Our analysis shows the first viewing of a file in a source repository was in late November and ended when we secured the affected accounts. We continued to see unsuccessful attempts at access by the actor into early January 2021, when the attempts stopped.”
Microsoft also said that it had completed its investigation into the hack of its network.
The company reported that the vast majority of the source code was never accessed. For the accessible portion of the repositories, only a few individual files were viewed, as a result of repository searches. The company added that there was no case in which all repositories for a given product or service were accessed.
There was additional access for a ‘small’ number of repositories, including downloading source code. Affected repositories contained source code for:
- a small subset of Azure components (subsets of service, security, identity)
- a small subset of Exchange components
- a small subset of Intune components
The company’s report further added that the search terms the hackers used against the repositories indicated they were trying to find secrets included in the source code.
“Our development policy prohibits secrets in code and we run automated tools to verify compliance,” company officials wrote. “Because of the detected activity, we immediately initiated a verification process for current and historical branches of the repositories. We have confirmed that the repositories complied and did not contain any live production credentials.”
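The automated compliance check described in the quote above, scanning both current and historical branches for credentials, is the kind of control a defender can reproduce. The following is an added example written for this article, not Microsoft's tooling, and it runs over a constructed in-memory model of a repository (branch name to file contents) rather than a real git checkout; the branch names, paths, and every key-like string in it are hypothetical. It combines fixed patterns (an AWS access key ID shape and a credential assigned to a quoted literal) with a Shannon-entropy check for long random-looking tokens, and reports each hit with its branch, path and line:

```python
import math
import re

# Constructed sample repository: branch name -> {path: file content}.
# Hypothetical data written for this example; not Microsoft's or SolarWinds' code.
SAMPLE_REPO = {
    "main": {
        "src/config.py": (
            'DB_HOST = "db.internal"\n'
            'DB_PASSWORD = os.environ["DB_PASSWORD"]  # pulled from the environment\n'
        ),
        "README.md": "See docs/getting-started-guide for setup.\n",
    },
    "release/2019.10": {
        "src/config.py": (
            'DB_HOST = "db.internal"\n'
            'DB_PASSWORD = "hunter2-not-real-Xy9kLm3pQr7sT"\n'
        ),
        "deploy/keys.txt": (
            "AKIAEXAMPLEEXAMPLE01\n"
            "session=q7Zp3Lm9Xv2Kt8Rw5Nb4Hj6Fd1Gs0Yc\n"
        ),
    },
}

# Pattern rules, checked in order; the first rule that matches a line wins.
PATTERN_RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("credential-assignment",
     re.compile(r"(?i)(password|secret|token|api[_-]?key)\s*[=:]\s*[\"']([^\"']{8,})[\"']")),
]

# Candidate tokens for the entropy check: long runs of base64/identifier characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; ordinary words and paths stay below this


def shannon_entropy(s):
    """Shannon entropy (bits per character) of the string s."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify_line(line):
    """Return the name of the rule that flags this line, or None if it is clean."""
    for name, regex in PATTERN_RULES:
        if regex.search(line):
            return name
    for tok in TOKEN_RE.findall(line):
        if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
            return "high-entropy-string"
    return None


def scan_repo(repo):
    """Scan every branch and file; return findings as (branch, path, line_no, rule)."""
    findings = []
    for branch, files in repo.items():
        for path, content in files.items():
            for line_no, line in enumerate(content.splitlines(), start=1):
                rule = classify_line(line)
                if rule:
                    findings.append((branch, path, line_no, rule))
    return findings


if __name__ == "__main__":
    for branch, path, line_no, rule in scan_repo(SAMPLE_REPO):
        print("%s:%s:%d %s" % (branch, path, line_no, rule))
```

On the sample data the `main` branch is clean (the password is read from the environment, and the README path is a long token but has low entropy), while the historical `release/2019.10` branch yields three findings. Against a real repository the same `classify_line` would be run over the output of `git grep` or a full-history walk for every branch, which is what makes the "current and historical branches" part of the quoted policy meaningful: a secret removed from the tip of a branch is still recoverable from older commits.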
The hacking campaign began in late October 2019, when the attackers used the SolarWinds software build system for a test run. On December 13, the security firm FireEye reported the first SolarWinds compromise and the resulting software supply-chain attack on its customers. Mimecast, Malwarebytes, and the US departments of Energy, Treasury, Commerce, and Homeland Security were among the other severely hit organizations.