Approximately 30% of the private-sector and government victims have no direct connection to SolarWinds.
The attackers gained access to their targets by exploiting known vulnerabilities in software and by guessing passwords. The most notorious target was Microsoft Corp, which is believed to be the initial entry point through which the attackers reached companies unrelated to SolarWinds. In many cases, the SolarWinds hackers took advantage of known Microsoft configuration bugs to trick systems into giving them access to emails and documents stored in the cloud.
Although back in December, when the attack surfaced, Microsoft said it had “found no indications that our systems were used to attack others,” it later notified CrowdStrike and Malwarebytes that the SolarWinds hackers had targeted them. In fact, it has identified more than 40 customers hit by the attack. That number has since increased!
Last week Malwarebytes announced that the SolarWinds attackers had compromised a considerable number of its Microsoft cloud emails. The hackers broke into its Microsoft Office 365 account and took advantage of a software misconfiguration. This caused a major data breach in which a large number of email accounts was leaked. The company said it does not use SolarWinds software.
Investigators have found that bugs in the Microsoft service authentication process were exploited so that attackers could move from one cloud-computing account to another. “This is certainly one of the most sophisticated actors that we have ever tracked in terms of their approach, their discipline, and range of techniques that they have,” said John Lambert, the manager of Microsoft’s Threat Intelligence Center.
The attackers “gained access to their targets in a variety of ways. This adversary has been creative,” said Mr. Wales, whose agency, part of the U.S. Department of Homeland Security, is coordinating the government response. In some cases, they targeted people in higher positions to extract the most sensitive information within an organization.
SolarWinds itself is investigating whether Microsoft’s cloud was the initial entry point. The incident will take a long time to fully unravel; however, fingers are pointing to only one question: “Can we still trust our technology partners?”