Microsoft a tech giant company said, it found malicious software in its systems.
According to report by reuters,
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said, adding that the company had found “no indications that our systems were used to attack others.”
Both Microsoft and the DHS (Department of Homeland Security) , which earlier on Thursday said the hackers used multiple methods of entry, are continuing to investigate.
In a statement, President-elect Joe Biden said he would “elevate cybersecurity as an imperative across the government” and “disrupt and deter our adversaries” from undertaking such major hacks.
CISA Issue Advisory
Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.
SolarWinds Orion Supply Chain Compromise
SolarWinds Orion is an enterprise network management software suite that includes performance and application monitoring and network configuration management along with several different types of analyzing tools. SolarWinds Orion is used to monitor and manage on-premise and hosted infrastructures. To provide SolarWinds Orion with the necessary visibility into this diverse set of technologies, it is common for network administrators to configure SolarWinds Orion with pervasive privileges, making it a valuable target for adversary activity.
What Happened with SolarWinds?
SolarWinds confirmed the cyber attack on 14 Dec, the company have been made aware of a cyberattack that inserted a vulnerability within its Orion monitoring products which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run. SolarWinds has been advised that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state, but SolarWinds has not independently verified the identity of the attacker.
SolarWinds has retained third-party cybersecurity experts to assist in an investigation of these matters, including whether a vulnerability in the Orion monitoring products was exploited as a point of any infiltration of any customer systems, and in the development of appropriate mitigation and remediation plans. SolarWinds is cooperating with the Federal Bureau of Investigation, the U.S. intelligence community, and other government agencies in investigations related to this incident.
Based on its investigation to date, SolarWinds has evidence that the vulnerability was inserted within the Orion products and existed in updates released between March and June 2020 (the “Relevant Period”), was introduced as a result of a compromise of the Orion software build system and was not present in the source code repository of the Orion products, as said.
