Nefarious SolarWinds Hackers Accessed Microsoft Exchange, Azure Security And Identity Source Code
by
Nathan Ord
—
Sunday, February 21, 2021, 01:44 PM EDT
The Solorigate hack, which ensnared Microsoft, is finally coming to a close for the Redmond, Washington-based company. The Microsoft Security Response Center (MSRC) team wrote a blog post explaining what it found in the now-completed investigation following the SolarWinds ordeal. While the attackers did view and download some source files, Microsoft's view is that the exposure was limited and largely confirmed the practices it already follows: its threat models assume that attackers have knowledge of its source code, and its development policy forbids secrets in code, so reading the code does not in itself put its products or customers at greater risk.
In December of last year, cybersecurity company FireEye discovered that attackers had planted a backdoor in updates of SolarWinds Orion, an IT administration and monitoring platform. The trojanized updates had been distributed since spring 2020, so any customer that installed them during that window could have been compromised. Orion is widely used by government agencies, private corporations and other organizations. Of the roughly 18,000 customers estimated to have installed the backdoored update, Microsoft was one whose data was accessed and downloaded, spurring an investigation into what Microsoft President Brad Smith called the "largest and most sophisticated attack the world has ever seen."
Just over two months later, Microsoft has concluded its investigation into its internal systems and shared the findings. Most importantly, there was "no evidence of access to production services or customer data." Moreover, there was no case in which all of the repositories for any single product or service were accessed, and no access "to the vast majority of source code." In most of the repositories the attackers reached, they viewed only a few individual files; in a small number of repositories they had broader access and in some cases downloaded component source code. Those repositories held small subsets of Azure components (service, security and identity), Intune components and Exchange components.
The search terms the actor used indicate they were looking for "secrets in code," meaning credentials, keys and tokens embedded in source. Microsoft's development policy prohibits secrets in code, and it runs automated tooling to verify compliance. Even so, once the activity was detected the security team re-verified the "current and historical branches of the repositories" to confirm that no live credentials were present. Checking history as well as the current tip matters: a secret that was committed once and later removed is still readable in older revisions, and an attacker who has downloaded a repository has its full history too.
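As an added example of the kind of check described above, the following Python scanner walks file contents, and optionally every blob reachable from any git ref, looking for committed credentials. It is not Microsoft's tooling and not code from the article; the credential patterns, the entropy thresholds and the sample files are illustrative assumptions (the AWS key ID is Amazon's documented example value and the Azure key is a dummy of the right length). Beyond the single check the text mentions, it also shows the two refinements a practitioner needs in practice: an entropy filter so that placeholder values are not reported, and de-duplication of blobs so that history scanning does not re-read the same file at every commit.

```python
"""Minimal secret scanner for source trees and git history (added example).

Not Microsoft's tooling; patterns, thresholds and sample data are assumptions.
A secret committed once and later deleted still exists in older revisions, so
scan_git_history() walks every blob reachable from any ref, not just HEAD.
"""
import math
import re
import subprocess
from dataclasses import dataclass

# Structural patterns for well-known credential formats (assumed set).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    # Azure storage account keys are 64 random bytes: 88 base64 chars ending "==".
    "azure_storage_account_key": re.compile(r"AccountKey=([A-Za-z0-9+/]{86}==)"),
    # Keyword assignment; the captured value is entropy-filtered so that
    # placeholders such as PASSWORD=replace-me-before-deploy are not reported.
    "generic_assignment": re.compile(
        r"(?i)\b(password|passwd|secret|token|api[_-]?key)\b\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9+/_\-]{16,})"),
}
# Bits per character below which a keyword value is treated as a placeholder.
# Hex-only values cannot exceed log2(16) = 4 bits, so they get a lower bar.
ENTROPY_THRESHOLD_BASE64 = 4.0
ENTROPY_THRESHOLD_HEX = 3.0


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    sample: str  # redacted; the full value is never stored or logged


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(value: str) -> bool:
    is_hex = re.fullmatch(r"[0-9a-fA-F]+", value) is not None
    bar = ENTROPY_THRESHOLD_HEX if is_hex else ENTROPY_THRESHOLD_BASE64
    return shannon_entropy(value) >= bar


def redact(value: str) -> str:
    return value if len(value) <= 10 else value[:4] + "..." + value[-2:]


def scan_blob(path: str, text: str) -> list[Finding]:
    """Run every pattern over each line of one file's contents."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                candidate = m.group(m.lastindex or 0)  # last group, or whole match
                if kind == "generic_assignment" and not looks_random(candidate):
                    continue
                findings.append(Finding(path, lineno, kind, redact(candidate)))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    return [f for path, text in files.items() for f in scan_blob(path, text)]


def scan_git_history(repo: str) -> list[Finding]:
    """Scan each distinct blob reachable from any ref exactly once.

    Deleted files are still present in the trees of earlier commits.
    """
    def git(*args, **kw):
        return subprocess.run(["git", "-C", repo, *args], check=True,
                              capture_output=True, **kw).stdout

    findings, seen = [], set()
    for rev in git("rev-list", "--all", text=True).split():
        for entry in git("ls-tree", "-r", rev, text=True).splitlines():
            meta, path = entry.split("\t", 1)        # "<mode> <type> <oid>\t<path>"
            _mode, otype, oid = meta.split()
            if otype != "blob" or oid in seen:
                continue
            seen.add(oid)
            blob = git("cat-file", "-p", oid).decode("utf-8", "ignore")
            findings += scan_blob(f"{rev[:8]}:{path}", blob)
    return findings


# Constructed sample inputs (not real credentials).
SAMPLE_FILES = {
    "config/prod.env": (
        "DB_HOST=db.internal\n"
        "PASSWORD=replace-me-before-deploy\n"            # placeholder: filtered
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"       # Amazon's documented example
        'API_KEY="k9Vx2QbR7mLp0WzT4nHs8JcE3dYaG6uF"\n'   # high entropy: reported
    ),
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(body omitted)\n-----END RSA PRIVATE KEY-----\n",
    "src/settings.py": (
        'SECRET = "d41d8cd98f00b204e9800998ecf8427e"\n'   # hex: lower threshold applies
        'STORAGE = "DefaultEndpointsProtocol=https;AccountName=contoso;AccountKey='
        + "Q" * 86 + '==;EndpointSuffix=core.windows.net"\n'
    ),
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line} {f.kind} {f.sample}")
```

A structural hit such as the Azure `AccountKey=` value is reported without an entropy check, because the format alone is strong evidence; the keyword rule is the noisy one and is the reason for the threshold. Run `scan_git_history(".")` inside a checkout to cover every revision; anything it reports should be treated as already exposed and rotated, since removing it from the tip does not remove it from history.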
Overall, Microsoft frames the episode as validation of the "zero trust" and "assume breach" posture it already operates under: access is segmented and granted narrowly so that a foothold in one place does not extend to others, and defenders work as if an adversary is already inside the environment, whether or not one actually is. Individuals and companies that still rely on perimeter trust, or on the secrecy of their source code, are the ones most likely to learn these lessons the hard way.