SolarWinds hacking campaign puts Microsoft in hot seat
3 years, 8 months ago

SolarWinds hacking campaign puts Microsoft in hot seat

Live Mint  

The sprawling, months long hacking campaign deemed a grave threat to U.S. national security came to be known as SolarWinds for the company whose software update Russian intelligence agents stealthily seeded with malware to penetrate sensitive government and private networks. The SolarWinds hackers took full advantage of what George Kurtz, CEO of top cybersecurity firm CrowdStrike, called “systematic weaknesses" in key elements of Microsoft code to mine at least nine U.S. government agencies — the departments of Justice and Treasury, among them — and more than 100 private companies and think tanks, including software and telecommunications providers. The campaign’s “hallmark" was the intruders’ ability to impersonate legitimate users and create counterfeit credentials that let them grab data stored remotely by Microsoft Office, the acting director of the Cybersecurity Infrastructure and Security Agency, Brandon Wales, told a mid-March congressional hearing. “Microsoft chooses the default settings in the software it sells, and even though the company knew for years about the hacking technique used against U.S. government agencies, the company did not set default logging settings to capture information necessary to spot hacks in progress," Wyden said. The OPM shared data across multiple agencies using Microsoft's authentication architecture, granting access to more users than it safely should have, said Dukes, now the managing director for the nonprofit Center for Internet Security.

History of this topic

After searing Cyber Safety Review Board report, Microsoft tells employees that security comes first
7 months, 3 weeks ago
Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack
8 months, 3 weeks ago
Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack
8 months, 3 weeks ago
Security News This Week: Russian Hackers Stole Microsoft Source Code—and the Attack Isn’t Over
9 months, 2 weeks ago
Microsoft says state-backed Russian hackers accessed emails of senior leadership team members
11 months ago
US regulators sue SolarWinds and its security chief for alleged cyber neglect ahead of Russian hack
1 year, 1 month ago
Microsoft: Russian-backed hackers targeting cloud services
3 years, 1 month ago
The Russian hacker group behind the SolarWinds attack is at it again, Microsoft says
3 years, 2 months ago
Microsoft: Russia behind 58% of detected state-backed hacks
3 years, 2 months ago
Justice Department says Russians hacked federal prosecutors
3 years, 4 months ago
Russians Tied To The SolarWinds Cyberattack Hacked Federal Prosecutors, DOJ Says
3 years, 4 months ago
Microsoft says new breach discovered in probe of suspected SolarWinds hackers
3 years, 5 months ago
Microsoft Says Suspected SolarWinds Hackers Breached Its Customer Support Tools Also
3 years, 5 months ago
78% companies expect another SolarWinds-style hack, survey finds
3 years, 6 months ago
Russia's SVR hijacked email system of US aid agency to target NGOs, think tanks critical of Putin
3 years, 6 months ago
Biden budget sets aside $750 million for SolarWinds response
3 years, 6 months ago
Microsoft: SolarWinds hackers target 150 orgs with phishing
3 years, 6 months ago
Russian hack targeted USAID, human rights groups, Microsoft says
3 years, 6 months ago
SolarWinds hacking campaign puts Microsoft in the hot seat
3 years, 8 months ago
A 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds Hack
3 years, 8 months ago
Senators press for more on SolarWinds hack after AP report
3 years, 8 months ago
AP sources: SolarWinds hack got emails of top DHS officials
3 years, 8 months ago
China’s Microsoft hack, Russia’s solar winds attack threaten to overwhelm US
3 years, 9 months ago
Microsoft server hack has victims hustling to stop intruders
3 years, 9 months ago
Accounts of thousands of Microsoft users around the world hacked, attack reportedly linked to China
3 years, 9 months ago
White House warns of ‘active threat’ from Microsoft email hackers
3 years, 9 months ago
Microsoft says Chinese hackers are exploiting mail server vulnerabilities
3 years, 9 months ago
Microsoft Says Chinese Hackers Targeted Groups via Server Software
3 years, 9 months ago
Microsoft failed to shore up defenses that could have limited SolarWinds hack -U.S. senator
3 years, 9 months ago
‘They may be in the system’: Questions remain on SolarWinds hack
3 years, 9 months ago
SolarWinds hack required massive, sophisticated effort
3 years, 10 months ago
Massive breach fuels calls for U.S. action on cybersecurity
3 years, 10 months ago
SolarWinds hack: Biden administration says investigation is likely to take ‘several months’
3 years, 10 months ago
Suspected Chinese hackers breach US government via SolarWinds bug
3 years, 10 months ago
SolarWinds hackers gave themselves top administrative privileges to spy on victims undetected, DHS says
3 years, 11 months ago
Hackers accessed our Microsoft O365 email server: US DOJ
3 years, 11 months ago
U.S. Justice Department says its emails were breached by SolarWinds hackers
3 years, 11 months ago
Opinion: The SolarWinds hack is stunning. Here’s what should be done
3 years, 11 months ago
SolarWinds hackers saw some of our source code: Microsoft
3 years, 11 months ago
Microsoft says hackers viewed source code, didn’t change it
3 years, 11 months ago
Microsoft says suspected Russian hackers accessed source code
3 years, 11 months ago
SolarWinds hack: Russian cybercriminals attack CrowdStrike, attempt to read emails
3 years, 11 months ago
U.S. Cyber Agency: SolarWinds Attack Hitting Local Governments
4 years ago
SolarWinds hack: US reaches out to intelligence alliance partners on suspected Russian hack
4 years ago
Massive SolarWinds hack has big businesses on high alert
4 years ago
Microsoft Confirms It Found Malicious Software From SolarWinds in Its Systems
4 years ago
Microsoft says it found malicious software in its systems
4 years ago
Hack against US is ‘grave’ threat, cybersecurity agency says
4 years ago
US cybersecurity agency warns of 'grave threat' after 'critical infrastructure' hacked
4 years ago

Discover Related