To end 2020 well, a large number of companies and organizations around the world have recently been the victims of a massive cyber attack via SolarWinds software . In Spain , for example, there are several government organizations that use this software (and that we can find by searching Google: “site: http: //contrataciondelestado.es solarwinds”). But the computer attack has gone much further, and little by little new victims of this massive computer attack are appearing, one of the last to admit it to Microsoft itself.
A group of Russian hackers has been responsible for this massive attack worldwide. To do this, they have taken advantage of a flaw in the SolarWinds software update system to distribute very complex binaries, never seen before, and start the massive, large-scale attack. The goal, like most Russian hackers, is to seize confidential information from American and European governments, as well as company data.
Like many of the companies that use SolarWinds software, Microsoft has been analyzing its systems for signs that it might have been hacked. And, a few hours ago, the company admitted the worst.
Microsoft’s servers had the Russian malware
Microsoft officials have released an official statement admitting to having found the malicious SolarWinds binaries on their systems. These binaries have been immediately isolated and removed from all platforms. However, could it have been too late?
The vulnerability in the update system is believed not to be the only vulnerability that has been used in SolarWinds Orion software to carry out this massive attack. When hackers exploited the vulnerability, they gained access to the internal networks of companies and organizations with high-level credentials thanks to a certificate with a SAML token. In addition, the attack on Microsoft is believed to have been carried out directly from its own Azure cloud, preventing additional security and control measures. As such, Microsoft continues to analyze its infrastructures to detect any possible additional security breaches.
Fortunately, at the moment Microsoft has not detected new intrusions in its systems, although the investigation is ongoing.
Users do not have to worry (for now)
The consequences of the massive attack on Microsoft could have been catastrophic. Can we imagine what would have happened, for example, if they took control of the Windows Update servers? What if they access the OneDrive data? Or to Office?
Fortunately, none of this has come true. Microsoft says that, for now, no signs or infections on a larger scale have been detected. And no possible data theft that could affect users has been detected. The investigations continue, although, for the moment, it seems that they are going in the right direction. Microsoft has already registered the binaries for this malicious software through Windows Defender. This way you can detect the threat before it can pose a threat to startups.