viralamo

Menu
  • Technology
  • Science
  • Money
  • Culturs
  • Trending
  • Video

Subscribe To Our Website To Receive The Last Stories

Join Us Now For Free
Home
Technology
Microsoft says SolarWinds hackers stole source code for 3 products
Technology

Microsoft says SolarWinds hackers stole source code for 3 products

19/02/2021

Shadowy figures stand beneath a Microsoft logo on a faux wood wall.

The hackers behind one of the worst breaches in US history read and downloaded some Microsoft source code, but there’s no evidence they were able to access production servers or customer data, Microsoft said on Thursday. The software maker also said it found no evidence the hackers used the Microsoft compromise to attack customers.

Microsoft released those findings after completing an investigation begun in December, after learning its network had been compromised. The breach was part of a wide-ranging hack that compromised the distribution system for the widely used Orion network-management software from SolarWinds and pushed out malicious updates to Microsoft and roughly 18,000 other customers.

The hackers then used the updates to compromise nine federal agencies and about 100 private-sector companies, the White House said on Wednesday. The federal government has said that the hackers were likely backed by the Kremlin.

In a post Thursday morning, Microsoft said it had completed its investigation into the hack of its network.

“Our analysis shows the first viewing of a file in a source repository was in late November and ended when we secured the affected accounts,” Thursday’s report stated. “We continued to see unsuccessful attempts at access by the actor into early January 2021, when the attempts stopped.”

Advertisement

The vast majority of source code was never accessed, and for those repositories that were accessed, only a “few” individual files were viewed as a result of a repository search, the company said. There was no case in which all repositories for a given product or service were accessed, the company added.

For a “small” number of repositories, there was additional access, including the downloading of source code. Affected repositories contained source code for:

  • a small subset of Azure components (subsets of service, security, identity)
  • a small subset of Intune components
  • a small subset of Exchange components

Thursday’s report went on to say that, based on searches the hackers performed on repositories, their intent appeared to be uncovering “secrets” included in the source code.

“Our development policy prohibits secrets in code and we run automated tools to verify compliance,” company officials wrote. “Because of the detected activity, we immediately initiated a verification process for current and historical branches of the repositories. We have confirmed that the repositories complied and did not contain any live, production credentials.”

The hack campaign began no later than October 2019, when the attackers used the SolarWinds software build system in a test run. The campaign wasn’t discovered until December 13, when security firm FireEye, itself a victim, first revealed the SolarWinds compromise and the resulting software supply chain attack on its customers. Other organizations hit included Malwarebytes, Mimecast, and the US departments of Energy, Commerce, Treasury, and Homeland Security.

Source link

Share
Tweet
Pinterest
Linkedin
Stumble
Google+
Email
Prev Article
Next Article

Related Articles

Fast & Furious: Crossroads lives video games a quarter-mile at a time
TechCrunch ist Teil von Verizon Media. Klicken Sie auf ‘Ich …

Los Angeles-based challenger bank HMBradley officially opens its virtual doors

Google Meet noise cancellation is rolling out now — here’s how it works
Google is turning on AI-powered noise cancellation in Google Meet …

Google Meet noise cancellation is rolling out now — here’s how it works

Leave a Reply Cancel reply

Find us on Facebook

Related Posts

  • Dragon Age 4 gets new trailer at The Game Awards
    Dragon Age 4 gets new trailer at …
    12/12/2020
  • Netflix leases New York’s Paris Theatre – TechCrunch
    Netflix leases New York’s Paris Theatre – …
    27/11/2019
  • Hearthstone’s Mike Donais and Conor Kou break down Battlegrounds’ recent changes and future
    Hearthstone’s Mike Donais and Conor Kou break …
    27/11/2019
  • Google announces the Open Usage Commons to help open source projects manage trademarks
    Google announces the Open Usage Commons to …
    08/07/2020
  • 2020 will be a big year for online childcare — here are 7 startups to watch
    Google backtracks on search results design
    25/01/2020

Popular Posts

  • Comcast hides upload speeds deep inside its infuriating ordering system
    Comcast hides upload speeds deep inside its …
    03/03/2021 0
  • 10 Outrageous Feasts From History – Listverse
    02/02/2021 0
  • Jeff Bezos to leave Amazon CEO post after 27 years, become executive chair
    Jeff Bezos to leave Amazon CEO post …
    02/02/2021 0
  • Comcast overcharged elderly couple $600, denied refund until contacted by Ars
    Comcast lifts uploads to 5Mbps amid complaints …
    03/02/2021 0
  • High-performance computers are under siege by a newly discovered backdoor
    High-performance computers are under siege by a …
    03/02/2021 0

viralamo

Pages

  • Contact Us
  • Privacy Policy
Copyright © 2021 viralamo
Theme by MyThemeShop.com

Ad Blocker Detected

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

Refresh