So viewing source code isn’t tied to elevation of risk.Īs with many companies, we plan our security with an “assume breach” philosophy and layer in defense-in-depth protections and controls to stop attackers sooner when they do gain access. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code.
#Microsoft solarwinds software
These accounts were investigated and remediated.Īt Microsoft, we have an inner source approach – the use of open source software development best practices and an open source-like culture – to making source code viewable within Microsoft. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what we’re learning as we combat what we believe is a very sophisticated nation-state actor. Our investigation has, however, revealed attempted activities beyond just the presence of malicious SolarWinds code in our environment. Having investigated further, we can now report that we have not found evidence of the common TTPs (tools, techniques and procedures) related to the abuse of forged SAML tokens against our corporate domains.
The investigation, which is ongoing, has also found no indications that our systems were used to attack others.Īs we previously reported, we detected malicious SolarWinds applications in our environment, which we isolated and removed.
Our investigation into our own environment has found no evidence of access to production services or customer data.
#Microsoft solarwinds update
Like other SolarWinds customers, we have been actively looking for indicators of the Solorigate actor and want to share an update from our ongoing internal investigation. Department of Justice has accused Russia of being behind the attack.As we said in our recent blog, we believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Previously, Microsoft identified 40 of its customers that were targeted by the SolarWinds attack. Attackers were able to exploit vulnerabilities in the SolarWinds Orion software to gain access to data. Microsoft President Brad Smith said that the SolarWinds attack was probably "the largest and most sophisticated attack the world has ever seen." The attack targeted private businesses and government agencies. Department of Justice shared a long list of offices that had one or more employees with Microsoft 365 accounts compromised in connection to the SolarWinds attacks:
It's believed that attackers had access to compromised accounts from approximately May 7 to December 27, 2020. "The Department is responding to this incident as if the Advanced Persistent Threat (APT) group responsible for the SolarWinds breach had access to all email communications and attachments found within the compromised O365 accounts," says the U.S. Compromised data includes sent, received, and stored emails, as well as email attachments. Attorneys' offices had at least one employee with a Microsoft 365 account compromised in connection to the SolarWinds attack. Department of Justice shared details regarding how the SolarWinds attack affected federal offices.
0 kommentar(er)
