Did it compromise Microsoft services and customer data? Let’s find out.
SolarWinds sells network-monitoring software called Orion, which lets an organization see what is going on in its computer networks. The company released an update to that software.
However, the hackers managed to insert malicious code into that Orion update. SolarWinds has 18,000 customers, and a few of them installed the compromised update onto their systems.
The scale of the hack keeps growing as new details emerge.
Significant and Ongoing
The US national security agencies called it significant and ongoing. The agencies are not yet sure how many companies have been affected, nor what information the hackers obtained during the attack.
But the attack is clearly powerful.
The massive attack also affected Microsoft. According to the Windows maker, the attack affected more than 40 of its customers.
On Thursday, Microsoft admitted that the hackers viewed its source code. Fortunately, they didn’t alter it.
In a blog post, Microsoft’s Security Response Center wrote:
“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”
No Evidence of Attacks on Others
Even though the hackers viewed the source code, Microsoft found no evidence that the hackers used its products to attack others.
The company also found that hackers didn’t access production services or consumer data.
How Did the Attack Start?
As previously mentioned, the hackers slipped malicious code into an Orion update.
This may have been easier for them because the company lacked a security culture, as shown by its use of solarwinds123 as the password for its update server.
When users downloaded and installed the tainted update, they gave the hackers access to their networks.
Experts called it a supply-chain attack because it targets a supplier rather than an organization directly.
As a result, it can affect every customer of that supplier. It is a common way to attack networks, though.
Even though SolarWinds removed its list of customers from its website, the Internet Archive saved a copy.
That copy shows that its customers include the White House, the US military (all five branches), the majority of Fortune 500 companies, and many more. Yes, it includes Microsoft.
Most of these companies are in the US. However, the attack also reached networks in Spain, Israel, Mexico, Belgium, and the UAE.
Once the hackers have penetrated a network, they can keep accessing it even after administrators fix the flaw, because the malicious code can compromise other systems and accounts.
Thus, the only way to recover from this attack is to burn the network down and rebuild it. It is like reformatting your computer.
Because of its scope, Microsoft President Brad Smith said that the assault was “an attack on the United States and its government and other critical institutions, including security firms. It illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous.”
Who’s the attacker?
Microsoft said that the attacker is a sophisticated nation-state actor. US government officials, however, have implied that Russia is the architect of the SolarWinds attack.