Microsoft has been looking into the SolarWinds attacks after it discovered unusual activity in its systems back in December. Now, the tech giant has completed its investigation and has determined that the hackers didn’t get their hands on customer data. It also said that it found no indications that the hackers used its systems to attack its other victims — and there were many, including nine federal agencies and around 100 companies in the private sector. In fact, authorities believe as many as 18,000 entities were affected, since that was the number of SolarWinds customers that downloaded the malicious update.
Microsoft previously admitted that the perpetrators got their hands on its source code. According to its latest report, the bad actors accessed and downloaded source code for three products in particular: its cloud computing service Azure, its cloud-based management solution Intune and its mail and calendar server Exchange. In all three cases, Microsoft said the attackers only managed to access a small number of files, though they used search terms indicating that they were focused on finding company secrets.
The massive hacking campaign started sometime in October 2019, compromising networks that use SolarWinds’ Orion network management tools. Microsoft’s analysis showed that attackers first viewed its files in late November 2020. While they were cut off from the company’s systems after Microsoft caught wind of their intrusion, they kept trying to regain access until January 2021.
Aside from Microsoft, the attackers also broke into NVIDIA’s, Intel’s, Cisco’s and Belkin’s systems, as well as those of government agencies like the US Department of Justice and the US Nuclear Security Administration. Moreover, the same attackers also tried to hack other firms, including Malwarebytes, that don’t use SolarWinds’ software. US intelligence agencies believe Russia was behind the attacks, and the results of Kaspersky’s investigation back that up. The cybersecurity firm recently revealed that the attackers used malware that resembled tools tied to a hacking group that operates on behalf of Russia’s KGB successor, the Federal Security Service.