SolarWinds Cyberattack | UPSC
How the SolarWinds cyberattack has hit Microsoft
WHY IN NEWS:
Microsoft has not confirmed what source code was accessed by the hackers.
SYLLABUS COVERED: GS 3: Cyber Attack
SOLARWINDS CYBERATTACK: MICROSOFT
- As part of its ongoing investigations in the SolarWinds cyberattack, Microsoft has revealed that its internal source code was likely accessed by the attackers.
- The malware exploited the SolarWinds Orion software, which is used by thousands of companies, including several US government agencies.
- According to FireEye, Sunburst, a malicious version of a digitally signed SolarWinds Orion plugin, contains a backdoor that communicates via HTTP to third-party servers.
HOW DOES THE MALWARE WORK?
- It appears that the plugin has a “dormant period of up to two weeks”.
- It also appears that the malware “performs numerous checks to ensure no analysis tools are present”.
- The company had earlier confirmed that it too was compromised in what is being seen as one of the world’s largest cyberattacks, which primarily targeted the United States (US) government and several other private organisations.
- The SolarWinds cyberattack was first revealed in December by cyber-security firm FireEye.
- We take a look at what Microsoft’s latest investigation has revealed, and what it means.
WHAT HAS MICROSOFT REVEALED IN ITS NEW INVESTIGATIONS?
- Microsoft’s internal security research team has found evidence that the attackers accessed some internal source code in the company’s systems.
- The ‘Solorigate incident’, as Microsoft has termed it in the blog, showed there were “attempted activities beyond just the presence of malicious SolarWinds code in our environment.”
- These accounts were investigated and remediated.
WHAT IS SOURCE CODE?
- Microsoft has not confirmed what source code was accessed by the hackers.
- However, the fact that the hackers got in so deep is quite worrying, given that source code is crucial to how any piece of software works.
- Hackers could use this information to exploit any potential weakness in the programmes.
- Microsoft says “this activity has not put at risk the security of our services or any customer data”.
- The company says that there’s no evidence that its systems were used to attack others.
- This cautious approach is what helped the malware “evade detection by anti-virus software and forensic investigators for seven months after its introduction to the SolarWinds Orion supply chain”.
SOURCES: IE | SolarWinds Cyberattack | UPSC