The SolarWinds Orion app attack using the Solarigate malware has been dubbed one of the most dangerous breaches of all-time. Numerous victims have come forward following the Russia-backed threat attack. Now, the US Department of Justice (DoJ) confirms it too was compromised through Microsoft 365 email servers.
In a statement this week, the DoJ says the attack left 3% of its mailboxes vulnerable. However, the department says it has no reason to believe any classified systems were breached during the hack.
Still, the attack was potent enough to be given a rating of “major incident” under the Federal Information Security Modernization Act. The DoJ says “The Department will continue to notify the appropriate federal agencies, Congress, and the public as warranted.”
It is worth noting that while the Solarigate malware can be implemented through Microsoft 365, it is not specifically Microsoft's problem. In fact, the company has been among the most active in trying to stop its spread.
Microsoft took swift action when the vulnerability and exploit in the SolarWinds Orion app was found. Firstly, the company issued an update for Microsoft Defender o quarantine malicious binaries related to the Solorigate (SUNBURST) attack.
Russia-backed treat actors used the avsvmcloud.com website to host a server for the Solorigate malware. The infection was sent to 18,000 Orion customers. Many of those customers are major organizations and government departments.
Last month, Microsoft President Brad Smith said the attack creates “serious technological vulnerability for the United States and the world”.
Also in December, the Cybersecurity and Infrastructure Security Agency (CISA) debuted a PowerShell tool to help Microsoft 365 customers mitigate Solarigate. Microsoft had recently confirmed stolen Azure/Microsoft 365 credentials and access tokens were a part of the breach.
Tip of the day:
If you need to create an ad-hoc network, you can do it on Windows 10. In our tutorial we show you how to easily create a shareable wireless internet connection in Windows 10 as a free WIFI hotspot.