Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code

Microsoft on Thursday revealed that the threat actors behind the
SolarWinds supply chain attack were able to gain access to a small
number of internal accounts and escalate access inside its internal
network.

The “very sophisticated nation-state actor” used the
unauthorized access to view, but not modify, source code in a
number of the company’s repositories, Microsoft said.

“We detected unusual activity with a small number of internal
accounts and upon review, we discovered one account had been used
to view source code in a number of source code repositories,” the
Windows maker disclosed[1]
in an update.

“The account did not have permissions to modify any code or
engineering systems and our investigation further confirmed no
changes were made. These accounts were investigated and
remediated.”

The development is the latest in the far-reaching espionage saga[2]
that came to light earlier in December following revelations by
cybersecurity firm FireEye that attackers had compromised its
systems via a trojanized SolarWinds update to steal its Red Team
penetration testing tools.

During the course of the probe into the hack, Microsoft had
previously admitted[3]
to detecting malicious SolarWinds binaries in its own environment
but said it had found no evidence that its systems were used to
attack others, or that the attackers had accessed production
services or customer data.

Several other organizations, including Cisco, VMware, Intel,
NVIDIA, and a number of US government agencies, have since
discovered markers of the Sunburst (or Solorigate) malware on
their networks, planted via tainted Orion updates.

The Redmond-based company said its investigation is still
ongoing but downplayed the incident. Microsoft’s stated reasoning
is that it follows an inner-source model in which code is already
viewable across the company and product security does not depend
on source secrecy, so “viewing source code isn’t tied to elevation
of risk”; it added that it had found evidence of attempted
activities that were neutralized by its protections.
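Microsoft’s argument only holds if the repositories contain no embedded credentials, since a hard-coded key turns read access into usable access. The following Python script is an added example, not Microsoft’s tooling or anything from the original article: it implements the check a repository owner would run to validate that assumption, scanning a small constructed in-memory “repository” for credential patterns and high-entropy quoted literals. The sample file contents, the pattern set, the placeholder list and the entropy threshold are all illustrative assumptions.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Values that look like credentials but are obvious placeholders; not reported.
# (Assumed list for this example.)
PLACEHOLDERS = {"changeme", "password", "example", "xxxxxxxx", "your-key-here"}

# Minimum Shannon entropy (bits per character) for a quoted literal to count
# as a real secret rather than a word or label. Threshold is an assumption.
ENTROPY_THRESHOLD = 3.0

PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "azure-storage-key": re.compile(r"AccountKey=[A-Za-z0-9+/=]{40,}"),
    # credential-like name, then = or :, then a quoted literal of 8+ characters
    "hardcoded-credential": re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|access[_-]?key|token)"
        r"\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    excerpt: str


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of value (0.0 for a one-symbol string)."""
    n = len(value)
    counts = Counter(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(path: str, text: str) -> List[Finding]:
    """Return one Finding per (line, pattern) hit in a single file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, regex in PATTERNS.items():
            match = regex.search(line)
            if not match:
                continue
            if kind == "hardcoded-credential":
                value = match.group(2)
                # Suppress placeholders and low-entropy words such as "changeme";
                # values read from the environment never reach here because the
                # pattern requires a quoted literal on the right-hand side.
                if value.lower() in PLACEHOLDERS or shannon_entropy(value) < ENTROPY_THRESHOLD:
                    continue
            findings.append(Finding(path, lineno, kind, line.strip()))
    return findings


def scan_repo(files: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of path -> file text; paths are sorted for stable output."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings


# Constructed sample repository for the example (not real code or real keys;
# the AWS values are the documented example credentials from AWS's own docs).
SAMPLE_REPO = {
    "src/config.py": (
        'import os\n'
        'DB_PASSWORD = os.environ["DB_PASSWORD"]  # read at runtime: not a finding\n'
        'api_key = "9f86d081884c7d659a2feaa0c55ad015"  # literal, high entropy\n'
        'ADMIN_PASSWORD = "changeme"  # placeholder: suppressed\n'
    ),
    "src/aws.py": (
        'aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"\n'
        'aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    ),
    "deploy/server.key": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEowIBAAKCAQEA...\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
}


if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f.path}:{f.line}: {f.kind}: {f.excerpt}")
```

Run against the constructed repository, the scan reports four findings (the literal API key, both AWS credentials, and the private key file) and correctly ignores the value read from the environment and the placeholder password. A real deployment would run the same logic over `git ls-files` output and, ideally, over the full commit history, since a secret removed in a later commit is still visible to anyone who can read the repository.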

In a separate analysis[4]
published by Microsoft on December 28, the company called the
attack a “cross-domain compromise” that allowed the adversary to
introduce malicious code into signed SolarWinds Orion Platform
binaries and leverage this widespread foothold to continue
operating undetected and access the target’s cloud resources,
culminating in the exfiltration of sensitive data.

SolarWinds’ Orion software, however, wasn’t the only initial
infection vector, as the US Cybersecurity and Infrastructure
Security Agency (CISA) said the attackers used other methods as
well, which have not yet been publicly disclosed.

The agency also released supplemental guidance[5]
urging all US federal agencies that still run SolarWinds Orion
software to update to the latest 2020.2.1 HF2[6]
version.

“The National Security Agency (NSA) has examined this version
and verified that it eliminates the previously identified malicious
code,” the agency said.

References

  1. disclosed (msrc-blog.microsoft.com)
  2. espionage saga (thehackernews.com)
  3. previously admitted (thehackernews.com)
  4. analysis (www.microsoft.com)
  5. guidance (cyber.dhs.gov)
  6. 2020.2.1 HF2 (thehackernews.com)
