Microsoft announces its SolarWinds hacking incident investigation report: a small amount of code was leaked and cannot be used to attack users


According to the foreign media outlet mspoweruser, Microsoft today announced its final report on the SolarWinds hacking incident. The attack started in March-June 2020. Hackers infected SolarWinds, a security protection software product, and used the backdoor in this software to attack a large number of US companies and government departments, among which Microsoft was also attacked. Microsoft admits that hackers entered its systems and were able to view the source code of some of its products, but Microsoft said that hackers cannot use the leaked code to attack and infect other users.

To investigate the impact of the SolarWinds attack, Microsoft used more than 1,000 engineers to conduct a long-term investigation. Microsoft President Smith previously said in an interview with foreign media, "This incident is the most influential and complex hacker attack in the history of the world."

Microsoft stated in the report that the following code was leaked:

  • A small part of the code for Azure services, security, and authentication information
  • A small part of the code for the Intune tool
  • A small part of the code in the Exchange component

Microsoft said that the hackers had tried to find valuable information in this code, but because the company has complete security measures and strict code development specifications, critical code would not be stolen by hackers. Microsoft was able to verify that the data viewed by the hackers did not contain any live production credentials.

Lessons learned from this attack:

Microsoft said that this attack highlights two aspects that need to be emphasized: having a zero-trust mentality and protecting credentials.

Zero Trust: This concept uses all available signals and data to verify the security status of identities, endpoints, networks, and other resources. Microsoft recently shared internally how to use this kind of thinking for defense.

Protecting credentials: This aspect is also crucial. Developers deploy local components to the cloud, and organizations can trust these local components. Once the local development environment is threatened, the cloud will also be affected, which makes it possible for attackers to attack cloud servers. Microsoft strongly recommends that users protect the identity credentials of cloud services to ensure that M365 cloud services are not exposed to attacks from the local environment.
