On Wednesday, SolarWindsrevealing the company was contacted by Microsoft on December 13 about signs of hackers in its Office 365 email system. That's four days before Smith's controversial Microsoft blog post.
"This has been a PR hit for Microsoft," longtime cybersecurity investor Mike Janke, cofounder of the firm Data Tribe, told Insider."FireEye did it the right way, but Microsoft knew more than they said," Janke said, referring to Smith's blog post and public statements that did not immediately disclose Microsoft's role in the attacks.
"This has been a long, ongoing investigation, so we've been finding different things on different timelines. And as we find new information we have been incredibly proactive about getting that out there," Jakkal told Insider."We do believe that one of the main tenets of cybersecurity is that the more we share, the better we all get."
CrowdStrike, a cybersecurity competitor that was hit by the attacks despite not being a SolarWinds customer, said it"experienced first hand the difficulties customers face in managing Azure's administrative tools," the company wrote. that it, too, was hit in the attacks despite not using SolarWinds. Like CrowdStrike, the company cited the hackers' use of Microsoft products.