SolarWinds hacking campaign puts Microsoft in hot seat
Live Mint

The sprawling, months-long hacking campaign deemed a grave threat to U.S. national security came to be known as SolarWinds for the company whose software update Russian intelligence agents stealthily seeded with malware to penetrate sensitive government and private networks.

The SolarWinds hackers took full advantage of what George Kurtz, CEO of top cybersecurity firm CrowdStrike, called “systematic weaknesses” in key elements of Microsoft code to mine at least nine U.S. government agencies — the departments of Justice and Treasury, among them — and more than 100 private companies and think tanks, including software and telecommunications providers.

The campaign’s “hallmark” was the intruders’ ability to impersonate legitimate users and create counterfeit credentials that let them grab data stored remotely by Microsoft Office, the acting director of the Cybersecurity Infrastructure and Security Agency, Brandon Wales, told a mid-March congressional hearing.

“Microsoft chooses the default settings in the software it sells, and even though the company knew for years about the hacking technique used against U.S. government agencies, the company did not set default logging settings to capture information necessary to spot hacks in progress,” Wyden said.

The OPM shared data across multiple agencies using Microsoft's authentication architecture, granting access to more users than it safely should have, said Dukes, now the managing director for the nonprofit Center for Internet Security.