Microsoft Concludes Internal Investigation into Solorigate Breach

The software giant found no evidence that attackers gained extensive access to services or customer data.

Microsoft, which calls the SolarWinds supply chain attack a "moment of reckoning," declared on Thursday it had completed an internal investigation of its own compromised network. It advises companies to strengthen security by adopting a zero trust mindset and protecting privileged credentials.


While the breach, which Microsoft calls "Solorigate," allowed sophisticated attackers to view source code for some of its products, Microsoft stressed that its investigators concluded neither the company's services nor its software had been used to attack others.


The closing of this investigation comes less than two months after Microsoft revealed that attackers had viewed some of the source code for its products and services. In a separate statement on Feb. 18, the Microsoft Security Response Center (MSRC) disclosed the attackers viewed specific source code repositories looking for passwords and development "secrets" used as keys to secure applications once compiled.


Microsoft's investigation found that only "a small number of [code] repositories" were accessed by the intruders, including a small subset of Azure, Intune, and Exchange components.


"The search terms used by the actor indicate the expected focus on attempting to find secrets," the MSRC states in its blog post, adding that company policy prohibits any passwords or code-signing secrets in code. Microsoft automates verification of this policy, but double-checked the code during incident response. "We have confirmed that the repositories complied and did not contain any live, production credentials," officials write.


Vasu Jakkal, corporate vice president for s ..
