SolarWinds hackers stole US government’s sanctions data
The SolarWinds attackers obtained data on US sanctions policy, alongside data on US defense and intelligence policy and COVID-19 research.
This information was confirmed by Microsoft. Microsoft’s annual Digital Defense Report, released on October 7, claims that this data could have been used to gain important insights about US policy. Microsoft also said that the Russian spies were ultimately looking for government material on sanctions and other Russia-related policies.
The hackers created a backdoor that exfiltrates sensitive information from Microsoft Active Directory Federation Services (AD FS) servers.
Roger Halbheer, executive security advisor at Microsoft, wrote on LinkedIn:
What I cannot get is why customers still do not protect their AD FS keys in an HSM - if they still use AD FS. This was a key vector during the SolarWinds attack and the actor behind it is still chasing these keys.
Note that the United Kingdom and the United States officially accused Russian officials in April 2021, stating that Russian hackers were responsible for the SolarWinds cyber attack, which occurred in December 2020.