The SolarWinds attack emerged in December last year, and since then startling claims of security breaches have kept surfacing every now and then.
Microsoft has recently made some shocking revelations, disclosing how the security of its systems was compromised in one of the biggest cybersecurity attacks of the recent past. The tech giant further claimed that the attack was seemingly a state-sponsored attempt to hack into its systems, along with those of a slew of US government agencies and various private firms in the country.
The investigation conducted so far hints that the attackers gained unauthorised access to Microsoft's internal network and might then have used its systems to further their cyberattacks on several other firms and agencies.
In hindsight, Microsoft has said in a blog post that the attackers accessed internal source code and thereafter made concerted, advanced attempts to breach its systems, going beyond just the presence of malicious code in its technology ecosystem. The company further claimed that it came across some unauthorised accounts that had access to its internal source code, though without any permission to modify it. Following its investigation into the hack, the company has now claimed that no substantial changes posing any hazard have been made so far.
Besides Microsoft, the latest victim of the attack, several US agencies have witnessed such attacks in the past: the US Treasury Department, the US Department of Commerce's National Telecommunications and Information Administration, the Cybersecurity and Infrastructure Agency, the US Department of State, and the Department of Homeland Security.
Cyberattacks of this sort are categorised as particularly dangerous because unwarranted access to source code can give hackers insight into how the software is built, while also revealing loopholes and shortcomings in it. In that case, the users as well as the software itself lie at the mercy of the hackers. Interestingly, Microsoft has retorted that mere access to the source code does not pose any massive risk, which many claim shows that the tech giant is downplaying the hazard posed by such attacks.
According to information cited by Reuters, the US National Security Agency issued a cybersecurity advisory claiming that Microsoft Azure cloud services might have been compromised and breached, while directing users to lock down their systems. As for the techniques used to hack the systems, experts claim that the hackers would have entered through Microsoft's cloud services.
Security agencies are still assessing the aftermath of the attack while alerting several other companies to beware and keep checking their systems for any sort of penetration. This has become difficult, however, because the attackers have quite cleverly erased the files, logs and electronic footprints they got access to. That is why many companies in the US are still clueless as to whether they were attacked or not, according to the Reuters report.
Delving into the functioning of the malware, the firm FireEye went on to explain that the SolarWinds Orion plugin contains a backdoor and communicates with third-party servers over HTTP. Further, the plugin remains inactive for a period of two weeks and thereafter gradually begins transferring files and executing commands that manipulate the functioning of the system.
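
The behaviour described above (roughly two weeks of silence, then HTTP traffic to third-party servers) suggests one hunting heuristic for defenders. The sketch below is an example added here, not code from FireEye, Microsoft or SolarWinds. The host names, process names, log format, allowlist and 12-day threshold are all assumptions, and the data is constructed.

```python
from datetime import datetime, timedelta

# All data below is constructed for illustration; it is not real telemetry.
DORMANCY = timedelta(days=12)  # assumed threshold, just under the two weeks cited
ALLOWLIST = {"updates.vendor.example", "storage.vendor.example"}  # assumed known-good
INSTALLS = {  # (host, process) -> install time of the update; names are hypothetical
    ("srv-01", "orion-plugin"): datetime(2020, 3, 1, 9, 0),
    ("srv-02", "orion-plugin"): datetime(2020, 3, 1, 9, 0),
    ("srv-03", "backup-agent"): datetime(2020, 3, 1, 9, 0),
    ("srv-04", "inventory-agent"): datetime(2020, 3, 1, 9, 0),
}
PROXY_LOG = """\
2020-03-01T09:05:00 srv-02 orion-plugin updates.vendor.example
2020-03-01T09:10:00 srv-03 backup-agent storage.vendor.example
2020-03-01T09:30:00 srv-04 inventory-agent telemetry.other.example
2020-03-15T11:30:00 srv-01 orion-plugin cdn-7f3a.unknown.example
2020-03-15T11:42:00 srv-01 orion-plugin cdn-7f3a.unknown.example
2020-03-16T08:00:00 srv-02 orion-plugin cdn-7f3a.unknown.example
truncated line
"""

def parse_log(text):
    """Yield (time, host, process, destination); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, host, proc, dest = parts
        yield datetime.fromisoformat(ts), host, proc, dest.lower()

def first_third_party_contact(log_text):
    """Earliest non-allowlisted HTTP destination seen per (host, process)."""
    first = {}
    for ts, host, proc, dest in parse_log(log_text):
        if dest in ALLOWLIST:
            continue  # expected vendor traffic is not evidence of activation
        key = (host, proc)
        if key not in first or ts < first[key][0]:
            first[key] = (ts, dest)
    return first

def dormant_then_active(installs, log_text, dormancy=DORMANCY):
    """Flag processes whose first third-party contact follows a long silence."""
    findings = []
    for key, (ts, dest) in first_third_party_contact(log_text).items():
        installed = installs.get(key)
        if installed is not None and ts - installed >= dormancy:
            findings.append((key[0], key[1], dest, (ts - installed).days))
    return sorted(findings)
```

A hit is only a lead for further investigation: it depends on proxy or flow logs having been retained for longer than the dormancy window, and software that contacts an unfamiliar destination immediately after install (srv-04 in the sample) is deliberately outside this heuristic.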