The Redmond-based firm also confirmed how it had been affected by the incident and shared tips for boosting cyber defenses against future attacks.
“Our analysis shows the first viewing of a file in a source repository was in late November and ended when we secured the affected accounts,” the Microsoft Security Response Center revealed. “We continued to see unsuccessful attempts at access by the actor into early January 2021, when the attempts stopped. There was no case where all repositories related to any single product or service were accessed. There was no access to the vast majority of source code… For a small number of repositories, there was additional access, including in some cases, downloading component source code.”
Microsoft added that it was clearly concerning that security companies, including the likes of Malwarebytes, FireEye, and CrowdStrike, in addition to itself, were being targeted by the SolarWinds hackers.
The cybersecurity fightback
Upon announcing the formal closure of its SolarWinds investigation, Microsoft urged all companies to adopt a zero-trust mindset as part of their digital security protocols. Defense in depth should be applied across services, encompassing email solutions, cloud apps, endpoints, identities, and more, on the assumption that all activity, even that conducted by trusted users, is an attempt to breach systems.
Microsoft also advises businesses to adopt cloud solutions to bolster protection, particularly with more companies looking to secure a remote workforce during the COVID-19 pandemic. Perhaps most important of all, the company believes that building a community of cybersecurity defenders is key, with shared threat intelligence proving crucial in the battle against bad actors.
Although Microsoft’s investigation into the SolarWinds breach may be over, it is unlikely to be the last we hear of the attack. Earlier this week, the US Government confirmed that the attack took place domestically, and further information is likely to be released.