Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack

ThumperTM

La Patróna
Owner
Aug 18, 2010
12,474
8,906
OS
Windows 10
BR
Chrome 87.0.4280.88
microsoft-hacked.jpg
The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far wider in scope, sophistication, and impact than previously thought.

News of Microsoft's compromise was first reported by Reuters, which also said the company's own products were then used to strike other victims by leveraging its cloud offerings, citing people familiar with the matter.

The Windows maker, however, denied the threat actor had infiltrated its production systems to stage further attacks against its customers.

In a statement to The Hacker News via email, the company said —

"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others."

Characterizing the hack as "a moment of reckoning," Microsoft president Brad Smith said the company has notified over 40 customers located in Belgium, Canada, Israel, Mexico, Spain, the UAE, the UK, and the US that were singled out by the attackers. 44% of the victims are in the information technology sector, including software firms, IT services, and equipment providers.

CISA Issues New Advisory

The development comes as the US Cybersecurity and Infrastructure Security Agency (CISA) published a fresh advisory, stating the "APT actor [behind the compromises] has demonstrated patience, operational security, and complex tradecraft in these intrusions."

"This threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations," it added.

But in a twist, the agency also said it identified additional initial infection vectors, other than the SolarWinds Orion platform, that have been leveraged by the adversary to mount the attacks, including a previously stolen key used to circumvent Duo's multi-factor authentication (MFA) and access a user's mailbox via the Outlook Web App (OWA) service.


Digital forensics firm Volexity, which tracks the actor under the moniker Dark Halo, said the MFA bypass was one of three incidents between late 2019 and 2020 aimed at a US-based think tank.

The entire intrusion campaign came to light earlier this week when FireEye disclosed it had detected a breach that also pilfered its Red Team penetration testing tools.

Since then, a number of agencies have been found to be attacked, including the US departments of Treasury, Commerce, Homeland Security, and Energy, the National Nuclear Security Administration (NNSA), and several State Department networks.

While many details continue to remain unclear, the revelation about new modes of attack raises more questions about the level of access the attackers were able to gain across government and corporate systems worldwide.

Microsoft, FireEye, and GoDaddy Create a Killswitch

Over the last few days, Microsoft, FireEye, and GoDaddy seized control of the command-and-control domain avsvmcloud[.]com, registered through GoDaddy, that the hackers used to communicate with compromised systems, and reconfigured it to act as a killswitch that prevents the SUNBURST malware from continuing to operate on victims' networks. FireEye said that, depending on the IP address returned when the malware resolves that domain, the backdoor terminates itself and stops further execution; the seized domain now returns such an address.

For its part, SolarWinds has not yet disclosed how exactly the attacker managed to gain extensive access to its systems to be able to insert malware into the company's legitimate software updates.

Recent evidence, however, points to a compromise of its build and software release system. An estimated 18,000 Orion customers are said to have downloaded the updates containing the back door.

Symantec, which earlier uncovered more than 2,000 systems belonging to 100 customers that received the trojanized SolarWinds Orion updates, has now confirmed the deployment of a separate second-stage payload called Teardrop that's used to install the Cobalt Strike Beacon against select targets of interest.

The hacks are believed to be the work of APT29, a Russian threat group also known as Cozy Bear, which has been linked to a series of breaches of critical US infrastructure over the past year.

The latest slew of intrusions has also led CISA, the US Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI) to issue a joint statement, stating the agencies are gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors.

Calling for stronger steps to hold nation-states accountable for cyberattacks, Smith said the attacks represent "an act of recklessness that created a serious technological vulnerability for the United States and the world."

"In effect, this is not just an attack on specific targets, but on the trust and reliability of the world's critical infrastructure in order to advance one nation's intelligence agency," he added.

Source: TheHackerNews
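The killswitch section above says the backdoor's behaviour depends on the IP address its C2 domain resolves to, but not how that plays out in practice. The following is an added example, not code from the article, FireEye, Microsoft or SolarWinds: a small model of that resolution check, plus a detector that runs over DNS resolver logs and flags Orion hosts beaconing to avsvmcloud[.]com. The CIDR lists are an assumption reconstructed from memory of FireEye's public SUNBURST analysis (verify against the primary report before relying on them); the log format and the subdomain labels are constructed placeholders, not real indicators.

```python
"""
Added example (not from the article or from FireEye/Microsoft).

Models the SUNBURST C2 resolution check that the avsvmcloud[.]com seizure
turned into a killswitch, and flags DNS log lines that show a host
beaconing to that domain.

ASSUMPTIONS (not facts stated on the page):
  - KILL_RANGES / SLEEP_RANGES are recalled from FireEye's public analysis;
    treat them as illustrative and confirm against the primary report.
  - The DNS log format and the subdomain labels in SAMPLE_LOG are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List

C2_DOMAIN = "avsvmcloud.com"

# Resolved answers in these ranges make the implant disable itself.
# (assumption: modelled on FireEye's write-up)
KILL_RANGES = [ipaddress.ip_network(c) for c in (
    "20.140.0.0/15", "96.31.172.0/24", "131.228.12.0/22", "144.86.226.0/24",
)]

# Resolved answers in these ranges make the implant go quiet (sinkhole /
# private space) without permanently disabling. (assumption: same source)
SLEEP_RANGES = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]


def implant_decision(resolved_ip: str) -> str:
    """Return what the modelled implant does with a given C2 DNS answer.

    'disable'  -> killswitch range hit, backdoor stops permanently
    'sleep'    -> sinkhole/private range, backdoor idles
    'continue' -> any other answer, backdoor proceeds to C2
    Raises ValueError if resolved_ip is not an IP (e.g. NXDOMAIN).
    """
    ip = ipaddress.ip_address(resolved_ip)
    if any(ip in net for net in KILL_RANGES):
        return "disable"
    if any(ip in net for net in SLEEP_RANGES):
        return "sleep"
    return "continue"


# Constructed resolver log format: "<ts> <client> query <qname> -> <answer>"
DNS_LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qname>\S+) -> (?P<answer>\S+)$"
)


@dataclass
class Beacon:
    ts: str
    client: str
    qname: str
    answer: str
    decision: str


def find_sunburst_beacons(log_lines: Iterable[str]) -> List[Beacon]:
    """Flag every query for the C2 domain or a subdomain of it, and record
    what the implant would have done with the answer it received."""
    hits: List[Beacon] = []
    for line in log_lines:
        m = DNS_LOG_RE.match(line.strip())
        if not m:
            continue  # not a resolver line we understand
        qname = m["qname"].rstrip(".").lower()
        if qname != C2_DOMAIN and not qname.endswith("." + C2_DOMAIN):
            continue
        answer = m["answer"]
        try:
            decision = implant_decision(answer)
        except ValueError:
            decision = "no-answer"  # NXDOMAIN / SERVFAIL etc.
        hits.append(Beacon(m["ts"], m["client"], qname, answer, decision))
    return hits


# Constructed sample; the leftmost labels are made-up placeholders, not IOCs.
SAMPLE_LOG = [
    "2020-12-14T03:12:07Z 10.20.30.40 query r1q6arhpujcf6jb6qqqq.appsync-api.us-west-2.avsvmcloud.com. -> 203.0.113.7",
    "2020-12-14T03:12:09Z 10.20.30.40 query updates.example.net. -> 198.51.100.9",
    "2020-12-14T03:15:41Z 10.20.30.41 query zz9placeholderlabel0.appsync-api.eu-west-1.avsvmcloud.com. -> 20.140.1.5",
    "2020-12-14T03:16:02Z 10.20.30.42 query avsvmcloud.com. -> NXDOMAIN",
]

if __name__ == "__main__":
    for b in find_sunburst_beacons(SAMPLE_LOG):
        print(f"{b.ts} {b.client} -> {b.qname} answered {b.answer}: implant would {b.decision}")
```

Hosts whose answers came back as "continue" are the ones to treat as live compromises; a "disable" or "sleep" answer after the seizure only means the beacon was neutralised, not that the host was never reached, so earlier log history for the same client still needs review.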
 
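The CISA and Volexity passages above describe an OWA mailbox logon that completed even though the Duo second factor was bypassed with a stolen key. The natural defender's check is to join mailbox logons against the MFA provider's own log and look for logons that have no matching MFA decision. The following is an added example, not code from the article, CISA, Volexity or Duo: both log layouts are constructed stand-ins (Exchange's and Duo's real exports differ), and the 120-second correlation window is a tunable assumption.

```python
"""
Added example (not from the article, CISA, Volexity or Duo).

Detects "logon without a second factor": an OWA logon that succeeded with
no corresponding MFA success for the same user close in time.

ASSUMPTIONS: OWA_LOGONS and DUO_EVENTS use constructed field layouts; the
MFA_WINDOW value is a guess to tune for the environment.
"""
from datetime import datetime, timedelta
from typing import Dict, List

MFA_WINDOW = timedelta(seconds=120)  # assumption: how far apart the two events may be


def parse_ts(s: str) -> datetime:
    """ISO-8601 with a trailing Z -> aware datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def find_logons_without_mfa(owa_logons: List[Dict], duo_events: List[Dict],
                            window: timedelta = MFA_WINDOW) -> List[Dict]:
    """Return successful OWA logons with no MFA 'success' for the same user
    within +/- window. A denied or fraud-marked MFA event does not count as
    cover for the logon; neither does a success that is too far away."""
    mfa_ok: Dict[str, List[datetime]] = {}
    for e in duo_events:
        if e["result"] == "success":
            mfa_ok.setdefault(e["user"].lower(), []).append(parse_ts(e["ts"]))

    suspicious: List[Dict] = []
    for logon in owa_logons:
        if logon["result"] != "success":
            continue  # failed logons never got a session
        t = parse_ts(logon["ts"])
        covered = any(abs(t - m) <= window
                      for m in mfa_ok.get(logon["user"].lower(), []))
        if not covered:
            suspicious.append(logon)
    return suspicious


# Constructed sample data (not real log exports).
OWA_LOGONS = [
    {"ts": "2020-12-14T08:00:12Z", "user": "alice@corp.example", "src_ip": "198.51.100.20", "result": "success"},
    {"ts": "2020-12-14T08:05:40Z", "user": "bob@corp.example",   "src_ip": "203.0.113.55",  "result": "success"},
    {"ts": "2020-12-14T08:30:00Z", "user": "carol@corp.example", "src_ip": "203.0.113.56",  "result": "success"},
    {"ts": "2020-12-14T08:31:00Z", "user": "dave@corp.example",  "src_ip": "198.51.100.21", "result": "failure"},
]
DUO_EVENTS = [
    {"ts": "2020-12-14T08:00:02Z", "user": "alice@corp.example", "result": "success", "factor": "duo_push"},
    {"ts": "2020-12-14T08:05:35Z", "user": "bob@corp.example",   "result": "denied",  "factor": "duo_push"},
    {"ts": "2020-12-14T08:18:00Z", "user": "carol@corp.example", "result": "success", "factor": "duo_push"},
]

if __name__ == "__main__":
    for l in find_logons_without_mfa(OWA_LOGONS, DUO_EVENTS):
        print(f"{l['ts']} {l['user']} from {l['src_ip']}: OWA logon with no MFA success nearby")
```

In the sample, alice is covered (push 10 seconds before the logon), bob is flagged because his only MFA event was a denial, and carol is flagged because her last success was twelve minutes earlier. Expect noise from "remembered device" or trusted-session features that legitimately skip a new prompt; rather than widening the window, feed those decisions in from the MFA provider's log as their own result type so a session that was never challenged at all still stands out.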

DVDR_Dog

Well-Known Member
Ultimate Donator
Donator
VIP
Nov 5, 2018
929
528
OS
Windows 10
BR
Chrome 87.0.4280.88
Putin must have told these groups to lay low during the 2020 election cycle in the USA. This intrusion was kept really quiet, I am aware of their battery of infected phones out there waiting for the command.
It's messed up but members of these groups make darn good money and the state for the most part leaves them alone aka no DMCA or electronic espionage reciprocity.
So I guess we can chalk this up to "Hey they were bored and had to figure out something to do".
 