Over 100 private sector firms were breached in the SolarWinds attack, the White House has revealed.
Anne Neuberger, deputy national security advisor for cyber and emerging technology, told the press yesterday that many of those affected were technology companies, “whose products could be used to launch additional intrusions.”
That’s certainly what appears to have happened with the targeting of firms like FireEye, Microsoft, Malwarebytes, Mimecast and Palo Alto Networks — although not all of these attacks were successful.
Neuberger also confirmed that nine government departments and agencies were affected, and that the attackers were likely Russian in origin.
Also yesterday, Microsoft revealed it had completed its investigation into the incident.
The tech giant claimed that the attackers had managed to access and download source code related to Azure, InTune and Exchange — but added that “only a few files” were viewed for most repositories.
“The search terms used by the actor indicate the expected focus on attempting to find secrets. Our development policy prohibits secrets in code and we run automated tools to verify compliance,” the firm continued.
“Because of the detected activity, we immediately initiated a verification process for current and historical branches of the repositories. We have confirmed that the repositories complied and did not contain any live, production credentials.”
Microsoft argued that the attack shows why a zero trust approach and protecting credentials are vital for organizations serious about minimizing cyber risk.
“The investigation found no indications that our systems at Microsoft were used to attack others,” it explained. “Because of our defense-in-depth protections, the actor was also not able to gain access to privileged credentials or leverage the SAML techniques against our corporate domains.”