Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
201179 VENTUREBEAT 2021-2-18:
SolarWinds hackers downloaded some Microsoft source code for Azure, Exchange, and Intune
1.000 Find similar Compare side-by-side
201233 ARSTECHNICA 2021-2-19:
Microsoft says SolarWinds hackers stole source code for 3 products
0.856 0.630 Find similar Compare side-by-side
201299 ZDNET 2021-2-18:
Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code
0.989 0.589 Find similar Compare side-by-side
201292 ZDNET 2021-2-18:
SolarWinds attack hit 100 companies and took months of planning, says White House
0.635 0.474 Find similar Compare side-by-side
201023 ZDNET 2021-2-15:
Microsoft: SolarWinds attack took more than 1,000 engineers to create
0.467 Find similar Compare side-by-side
201064 ZDNET 2021-2-16:
Supply chain attacks are on the rise: Check your software build pipeline security
0.005 0.432 Find similar Compare side-by-side
200794 VENTUREBEAT 2021-2-15:
Hackers targeted IT monitoring company Centreon to breach organizations over 3 year period
0.408 Find similar Compare side-by-side
201079 ZDNET 2021-2-16:
Centreon says only 15 entitites were targeted in recent Russian hacking spree
0.006 0.405 Find similar Compare side-by-side
200808 ARSTECHNICA 2021-2-16:
New type of supply-chain attack hit Apple, Microsoft and 33 other companies
0.404 Find similar Compare side-by-side
201613 TECHREPUBLIC 2021-2-22:
New cloud security analysis finds default configurations and identity management are the biggest concerns
0.393 Find similar Compare side-by-side
201631 ZDNET 2021-2-19:
Microsoft readies Power Fx, a new Power Platform low-code language
0.364 Find similar Compare side-by-side
200960 ARSTECHNICA 2021-2-17:
France ties Russia’s Sandworm to a multiyear hacking spree
0.357 Find similar Compare side-by-side
201042 ZDNET 2021-2-15:
ASD says cyber attack intervention will be 'rare' under critical infrastructure Bill
0.349 Find similar Compare side-by-side
201052 ZDNET 2021-2-15:
France: Russian state hackers targeted Centreon servers in years-long campaign
0.349 Find similar Compare side-by-side
200950 VENTUREBEAT 2021-2-17:
Spectral exits stealth with $6.2 million to find costly security mistakes buried in code
0.335 Find similar Compare side-by-side
201622 ZDNET 2021-2-22:
Chinese hackers cloned attack tool belonging to NSA’s Equation Group
0.329 Find similar Compare side-by-side
200995 TECHREPUBLIC 2021-2-16:
Low-code development: Why demand for 'citizen developer' tools is growing fast
0.323 Find similar Compare side-by-side
201112 ZDNET 2021-2-19:
Microsoft 365 adds new feature so remote staff with no internet don't lose access to apps
0.321 Find similar Compare side-by-side
200850 ZDNET 2021-2-17:
Phishing: These are the most common techniques used to attack your PC
0.306 Find similar Compare side-by-side
201051 ZDNET 2021-2-15:
Microsoft Azure and Canonical Ubuntu Linux have a user privacy problem
0.302 Find similar Compare side-by-side
201011 ZDNET 2021-2-16:
Researchers want Australia's digital ID system thrown out and redesigned from scratch
0.296 Find similar Compare side-by-side
200742 ZDNET 2021-2-15:
This phishing email promises you a bonus - but actually delivers this Windows trojan malware
0.294 Find similar Compare side-by-side
201148 VENTUREBEAT 2021-2-18:
How Intel is building a culture around security 3 years after Meltdown and Spectre
0.293 Find similar Compare side-by-side
200763 VENTUREBEAT 2021-2-17:
Microsoft’s open source Dapr hits prime time to help developers embrace microservices
0.289 Find similar Compare side-by-side
201551 VENTUREBEAT 2021-2-22:
‘Antivirus is dead’: The rising enterprise security threats for 2021 and how to protect against them
0.289 Find similar Compare side-by-side

1

ID: 201179

URL: https://venturebeat.com/2021/02/18/solarwinds-hackers-downloaded-some-microsoft-source-code-for-azure-and-exchange/

Date: 2021-02-18

SolarWinds hackers downloaded some Microsoft source code for Azure, Exchange, and Intune

( Reuters) — The hackers behind the worst intrusion of U.S. government agencies in years won access to Microsofts secret source code for authenticating customers, potentially aiding one of their main attack methods. Microsoft said in a blog post on Thursday that its internal investigation had found the hackers studied parts of the source code instructions for its Azure cloud programs related to identity and security, its Exchange email programs, and Intune management for mobile devices and applications. Some of the code was downloaded, the company said, which would have allowed the hackers even more freedom to hunt for security vulnerabilities, create copies with new flaws, or examine the logic for ways to exploit customer installations. Microsoft had said before that the hackers had accessed some source code but had not said which parts or that any had been copied. U.S. authorities said Wednesday the breaches revealed in December extended to nine federal agencies and 100 private companies, including major technology providers and security firms. They said the Russian government is likely behind the spree, which Moscow has denied. Initially discovered by security provider FireEye, the hackers used advanced skills to insert software backdoors for spying into widely used network-management programs distributed by Texas-based SolarWinds. For the most prized of the thousands of SolarWinds customers that were exposed last year, the hackers added new Azure identities, added greater rights to existing identities, or otherwise manipulated the Microsoft programs, largely to steal email. Some hacking also used such methods at targets that did not use SolarWinds. Microsoft previously acknowledged that some of its resellers, which often have continual access to customer systems, had been used in the hacks. The company continues to deny that flaws in anything it provides directly have been used as an initial attack vector. Microsoft declined to answer Reuters questions about which parts of its code had been downloaded or whether what the hackers discovered would have helped them hone techniques. The company also declined to say whether it was changing any of its code as a result of the breach. The Department of Homeland Security did not respond to questions. The company said Thursday it had completed its probe and that it had found no indications that our systems at Microsoft were used to attack others. Nevertheless, the problems with identity management have proved so pervasive in the recent attacks that multiple security companies have issued new guidelines and warnings, as well tools for detecting misuse. U.S. President Joe Biden has promised a response to the SolarWinds hacks, and an inquiry and remediation effort is being led by his top cybersecurity official, Deputy National Security Advisor Anne Neuberger. The Senate Intelligence Committee will hold a hearing on the hacks Tuesday, with witnesses including Microsoft president Brad Smith and FireEye CEO Kevin Mandia. ( Reporting by Joseph Menn; editing by Jonathan Oatis and Christopher Cushing. )