Microsoft wraps up SolarWinds investigation, says some code was stolen
However no internal Microsoft systems were affected by the hack, company says
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Microsofthas announced that its investigation into theSolarWinds hackis now closed but that it remains committed to the battle againstcybersecuritythreats.
The Redmond-based firm also confirmed how it had been affected by the incident and shared tips for boosting cyber defenses against future attacks.
“Our analysis shows the first viewing of a file in a source repository was in late November and ended when we secured the affected accounts,” the Microsoft Security Response Centerrevealed. “We continued to see unsuccessful attempts at access by the actor into early January 2021, when the attempts stopped. There was no case where all repositories related to any single product or service were accessed. There was no access to the vast majority of source code… For a small number of repositories, there was additional access, including in some cases, downloading componentsource code.”
Microsoft added that it was clearly concerning that security companies, including the likes of Malwarebytes, FireEye, and CrowdStrike, in addition to itself, were being targeted by the SolarWinds hackers.
The cybersecurity fightback
Upon announcing the formal closure of its SolarWinds investigation, Microsoft urged all companies to adopt a zero-trust mindset as part of their digital security protocols. In-depth defenses should be employed across services, encompassingemail solutions,cloud apps, endpoints,identities, and more, assuming all activity, even that conducted by trusted users, is an attempt to breach systems.
Microsoft also advises businesses to adopt cloud solutions to bolster protection, particularly with more companies looking to secure a remote workforce during the COVID-19 pandemic. Perhaps most important of all, the company believes that building a community of cybersecurity defenders is key, with shared threat intelligence proving crucial in the battle against bad actors.
Although Microsoft’s investigation into the SolarWinds breach may be over, it is unlikely to be the last we hear of the attack. Earlier this week, theUS Government confirmedthat the attack took place domestically and further information is likely to continue being released.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
ViaVentureBeat
Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services. After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
The Galaxy S25 Ultra’s rumored iPhone-beating power could tempt me back to Android
