But they didn’t get their hands on customer data, Microsoft said.
Microsoft has been investigating the SolarWinds attacks since it discovered unusual activity on its systems in December. Now, the tech giant has completed its investigation and determined that hackers did not get their hands on customer data. It also said it found no indication that hackers used its systems to attack their other victims – and there were many, including nine federal agencies and about 100 private sector companies. In fact, the authorities believe that up to 18,000 entities were affected, as that was the number of SolarWinds customers who downloaded the malicious update.
Microsoft previously admitted that criminals got their hands on its source code. According to its latest report, evildoers accessed and downloaded the source code for three products in particular: its Azure cloud computing service, its Intune cloud-based management solution, and its Exchange email and calendar server. In all three cases, Microsoft said the attackers were able to access only a small number of files, although they used search terms indicating they were focused on finding company secrets.
The massive hacking campaign began in October 2019, compromising networks using SolarWinds’ Orion network management tools. Microsoft’s analysis showed that attackers first viewed its files in late November 2020. Although they were disconnected from the company’s systems after Microsoft noticed their intrusion, they continued to try to regain access until January 2021.
In addition to Microsoft, the attackers also hacked into the systems of NVIDIA, Intel, Cisco and Belkin, as well as government agencies such as the U.S. Department of Justice and the U.S. Nuclear Security Administration. The same attackers also tried to hack other companies that do not use SolarWinds software, including Malwarebytes. US intelligence agencies believe Russia is behind the attacks, and the results of Kaspersky’s investigation confirm this. The cybersecurity company recently revealed that attackers used malware that resembled tools linked to a group of hackers that operates on behalf of Russia’s KGB successor, the Federal Security Service.