Microsoft Concludes Its SolarWinds Investigation

In December, Microsoft began an investigation into a SolarWinds-based breach of its internal systems. That investigation is now complete, and the software giant says that no customer data was compromised.

“We have now completed our internal investigation into the activity of the actor [in the SolarWinds breach] and want to share our findings, which confirm that we found no evidence of access to production services or customer data,” a new Microsoft Security Response Center blog post explains. “The investigation also found no indications that our systems at Microsoft were used to attack others. Because of our defense-in-depth protections, the actor was also not able to gain access to privileged credentials or leverage the SAML techniques against our corporate domains.”

According to the new post, Microsoft continued to witness repeated attempts by this unnamed actor to access its internal systems, albeit unsuccessfully, through early January. At no time were any product or service code repositories fully compromised, and in those cases where code repositories were accessed, the actor only viewed a small handful of files. The repositories that were accessed included those for Azure, Intune, and Exchange, and in each case, it was a small subset of the full repository.

“The search terms used by the actor indicate the expected focus on attempting to find secrets,” Microsoft explains. “Our development policy prohibits secrets in code and we run automated tools to verify compliance. Because of the detected activity, we immediately initiated a verification process for current and historical branches of the repositories. We have confirmed that the repositories complied and did not contain any live, production credentials.”

As Microsoft explained when the SolarWinds hack came to light in late 2020, the software giant uses what it calls a Zero Trust model for its internal systems in which it always assumes it is being breached, thus requiring explicit verification of “the security status of identity, endpoint, network, and other resources based on all available signals and data.” This helped prevent any widespread damage, and Microsoft now provides guidance for other enterprises so that they can adopt this model and protect themselves.

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 3 comments

  • coeus89

    Premium Member
    19 February, 2021 - 7:30 pm

    <p>It seems that they have a pretty effective model for reducing the impact of breaches. Good stuff. I hope other companies emulate.</p>

  • Username

    20 February, 2021 - 8:34 pm

    <p>That picture, with books used to prop up non-adjustable monitor stand obliterates any semblance of Apple's ergonomic design priority.</p>

  • red.radar

    Premium Member
    21 February, 2021 - 3:47 pm

    <p>i am not a software developer. What does the policy about "secrets" mean? How can you automate compliance to that? Is it just they semantically analyzing comments? Or is this just a comment on their project managment techniques and they have no work done that is not approved by a systems engineer preventing undocumented functions, structures from entering code. </p>

    • dnm

      Premium Member
      22 February, 2021 - 8:59 am

      <blockquote><em><a href="#614461">In reply to red.radar:</a></em></blockquote><p>This is an article (for AWS though) but the principles should apply <a href="; target="_blank">Why and how you should manage secrets outside source control (</a></p><p><br></p><p>"<span style="color: rgb(215, 212, 207); –darkreader-inline-color:#ccc8c1;" data-darkreader-inline-color="">Examples of secrets include API keys, encryption keys, Oauth tokens, certificates, PEM files, passwords, and passphrases."</span></p><p><span style="color: rgb(215, 212, 207); –darkreader-inline-color:#ccc8c1;" data-darkreader-inline-color="">And you can have tools that search your code for these secrets.</span></p><p><br></p>


Stay up to date with the latest tech news from!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2023 BWW Media Group