Groups Similar Look up By Text Browse About



Similar articles
Article Id Title Prob Score Similar Compare
201233 ARSTECHNICA 2021-2-19:
Microsoft says SolarWinds hackers stole source code for 3 products
1.000 Find similar Compare side-by-side
201299 ZDNET 2021-2-18:
Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code
0.885 0.731 Find similar Compare side-by-side
201179 VENTUREBEAT 2021-2-18:
SolarWinds hackers downloaded some Microsoft source code for Azure, Exchange, and Intune
0.856 0.639 Find similar Compare side-by-side
201292 ZDNET 2021-2-18:
SolarWinds attack hit 100 companies and took months of planning, says White House
0.120 0.486 Find similar Compare side-by-side
201079 ZDNET 2021-2-16:
Centreon says only 15 entitites were targeted in recent Russian hacking spree
0.481 Find similar Compare side-by-side
201064 ZDNET 2021-2-16:
Supply chain attacks are on the rise: Check your software build pipeline security
0.459 Find similar Compare side-by-side
200960 ARSTECHNICA 2021-2-17:
France ties Russia’s Sandworm to a multiyear hacking spree
0.003 0.449 Find similar Compare side-by-side
200808 ARSTECHNICA 2021-2-16:
New type of supply-chain attack hit Apple, Microsoft and 33 other companies
0.438 Find similar Compare side-by-side
201613 TECHREPUBLIC 2021-2-22:
New cloud security analysis finds default configurations and identity management are the biggest concerns
0.386 Find similar Compare side-by-side
201653 ZDNET 2021-2-22:
FireEye links 0-day attacks on FTA servers & extortion campaign to FIN11 group
0.377 Find similar Compare side-by-side
200846 ZDNET 2021-2-17:
Singtel breach compromises data of customers, former employees
0.367 Find similar Compare side-by-side
200920 ARSTECHNICA 2021-2-16:
PC versions of Grand Theft Auto reverse-engineered to raw source code
0.344 Find similar Compare side-by-side
201631 ZDNET 2021-2-19:
Microsoft readies Power Fx, a new Power Platform low-code language
0.344 Find similar Compare side-by-side
201288 ZDNET 2021-2-18:
Masslogger Trojan reinvented in quest to steal Outlook, Chrome credentials
0.339 Find similar Compare side-by-side
201267 ZDNET 2021-2-17:
Microsoft starts removing Flash from Windows devices via new KB4577586 update
0.336 Find similar Compare side-by-side
201080 ZDNET 2021-2-17:
Aussie Broadband sees first half revenue almost double to AU$157 million
0.328 Find similar Compare side-by-side
201602 TECHREPUBLIC 2021-2-19:
Kia outage may be the result of ransomware
0.327 Find similar Compare side-by-side
201256 ZDNET 2021-2-18:
CrowdStrike acquires Humio for $400 million
0.317 Find similar Compare side-by-side
201622 ZDNET 2021-2-22:
Chinese hackers cloned attack tool belonging to NSA’s Equation Group
0.316 Find similar Compare side-by-side
200763 VENTUREBEAT 2021-2-17:
Microsoft’s open source Dapr hits prime time to help developers embrace microservices
0.315 Find similar Compare side-by-side
201604 ZDNET 2021-2-21:
Facebook, Google, Microsoft, TikTok, and Twitter adopt Aussie misinformation code
0.314 Find similar Compare side-by-side
201365 ARSTECHNICA 2021-2-22:
Software bugs reportedly keep Arizona inmates jailed past release dates
0.311 Find similar Compare side-by-side
201551 VENTUREBEAT 2021-2-22:
‘Antivirus is dead’: The rising enterprise security threats for 2021 and how to protect against them
0.307 Find similar Compare side-by-side
200950 VENTUREBEAT 2021-2-17:
Spectral exits stealth with $6.2 million to find costly security mistakes buried in code
0.301 Find similar Compare side-by-side
201487 ARSTECHNICA 2021-2-22:
Take-Two DMCA takes down reverse-engineered GTA source code
0.297 Find similar Compare side-by-side

1

ID: 201233

URL: https://arstechnica.com/information-technology/2021/02/microsoft-says-solarwinds-hackers-stole-source-code-for-3-products/

Date: 2021-02-19

Microsoft says SolarWinds hackers stole source code for 3 products

The company said it found no indication the breach allowed customers to be hacked. The hackers behind one of the worst breaches in US history read and downloaded some Microsoft source code, but theres no evidence they were able to access production servers or customer data, Microsoft said on Thursday. The software maker also said it found no evidence the hackers used the Microsoft compromise to attack customers. Microsoft released those findings after completing an investigation begun in December, after learning its network had been compromised. The breach was part of a wide-ranging hack that compromised the distribution system for the widely used Orion network-management software from SolarWinds and pushed out malicious updates to Microsoft and roughly 18,000 other customers. The hackers then used the updates to compromise nine federal agencies and about 100 private-sector companies, the White House said on Wednesday. The federal government has said that the hackers were likely backed by the Kremlin. In a post Thursday morning, Microsoft said it had completed its investigation into the hack of its network. Our analysis shows the first viewing of a file in a source repository was in late November and ended when we secured the affected accounts, Thursdays report stated. We continued to see unsuccessful attempts at access by the actor into early January 2021, when the attempts stopped. The vast majority of source code was never accessed, and for those repositories that were accessed, only a few individual files were viewed as a result of a repository search, the company said. There was no case in which all repositories for a given product or service were accessed, the company added. For a small number of repositories, there was additional access, including the downloading of source code. Affected repositories contained source code for: Thursdays report went on to say that, based on searches the hackers performed on repositories, their intent appeared to be uncovering secrets included in the source code. Our development policy prohibits secrets in code and we run automated tools to verify compliance, company officials wrote. Because of the detected activity, we immediately initiated a verification process for current and historical branches of the repositories. We have confirmed that the repositories complied and did not contain any live, production credentials. The hack campaign began no later than October 2019, when the attackers used the SolarWinds software build system in a test run. The campaign wasnt discovered until December 13, when security firm FireEye, itself a victim, first revealed the SolarWinds compromise and the resulting software supply chain attack on its customers. Other organizations hit included Malwarebytes, Mimecast, and the US departments of Energy, Commerce, Treasury, and Homeland Security.