SolarWinds Hackers Had Access to Email System for Months
According to a report in the Wall Street Journal (subscription required), the threat actors behind the SolarWinds supply-chain attack likely had access to SolarWinds' email system for nearly a year. In an interview, SolarWinds CEO Sudhakar Ramakrishna said that the attackers had access to SolarWinds email accounts in December 2019.
Reducing dwell time through earlier detection is a challenge we all face. Cloud email providers have tools to help. Make sure the threat detection capabilities in your email system are enabled, and that you have adequate monitoring and alerting integrated with your SIEM. Also use tools such as the ones from Microsoft and FireEye to detect post-compromise activity, so that you can confirm you are clean now and stay that way.
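As an added illustration of the kind of alerting the paragraph above asks for (this is example code written for this note, not a SolarWinds, Microsoft or FireEye tool), the block below runs two simple detections over mailbox audit records and computes the resulting dwell time. The log lines and their four-field layout are constructed for the example and are not a real Microsoft 365 or Google Workspace audit format; the action names borrow Exchange cmdlet names (New-InboxRule, Set-InboxRule, Add-MailboxPermission) only as recognisable labels. The 30-day baseline window and the "detected_at" date are assumptions chosen for the example.

```python
"""Toy SIEM-style detections over mailbox audit records (added example).

Two rules a mail-security pipeline commonly forwards to a SIEM:
  1. a mailbox login from a source IP never seen for that user during a
     learning baseline window, and
  2. a high-risk mailbox change (inbox rules, delegated permissions),
     which attackers use for persistence and collection.
`dwell_days` then measures how long the earliest alert went unanswered.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: "<UTC timestamp> <user> <action> <source_ip>".
# Not real audit data; the IPs are documentation ranges.
SAMPLE_LOG = """\
2019-11-01T08:12:00Z alice MailboxLogin 203.0.113.10
2019-11-02T09:05:00Z alice MailboxLogin 203.0.113.10
2019-11-03T08:40:00Z bob   MailboxLogin 198.51.100.7
2019-12-14T03:22:00Z alice MailboxLogin 192.0.2.55
2019-12-14T03:25:00Z alice New-InboxRule 192.0.2.55
2019-12-15T03:30:00Z alice MailboxLogin 192.0.2.55
2020-01-10T08:15:00Z bob   MailboxLogin 198.51.100.7
"""

BASELINE_DAYS = 30  # assumed learning window per user
HIGH_RISK_ACTIONS = {"New-InboxRule", "Set-InboxRule", "Add-MailboxPermission"}


def parse(log_text):
    """Parse the constructed log format into dicts sorted by timestamp."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, action, ip = line.split()
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "action": action, "ip": ip,
        })
    records.sort(key=lambda r: r["ts"])
    return records


def detect(records, baseline_days=BASELINE_DAYS):
    """Return a list of (timestamp, user, reason) alerts."""
    alerts = []
    first_seen = {}               # user -> timestamp of first record
    known_ips = defaultdict(set)  # user -> source IPs learned in baseline
    for r in records:
        user = r["user"]
        first_seen.setdefault(user, r["ts"])
        in_baseline = r["ts"] - first_seen[user] < timedelta(days=baseline_days)
        if r["action"] == "MailboxLogin":
            if in_baseline:
                known_ips[user].add(r["ip"])
            elif r["ip"] not in known_ips[user]:
                alerts.append((r["ts"], user, f"login from unseen source {r['ip']}"))
                known_ips[user].add(r["ip"])  # alert once per new source
        if r["action"] in HIGH_RISK_ACTIONS:
            alerts.append((r["ts"], user,
                           f"high-risk mailbox change {r['action']} from {r['ip']}"))
    return alerts


def dwell_days(alerts, detected_at):
    """Whole days between the earliest alert and the date it was acted on."""
    if not alerts:
        return 0
    return (detected_at - min(a[0] for a in alerts)).days


if __name__ == "__main__":
    found = detect(parse(SAMPLE_LOG))
    for ts, user, reason in found:
        print(f"{ts.isoformat()} {user}: {reason}")
    # Assumed response date, a year after the first anomalous login.
    print("dwell time (days):", dwell_days(found, datetime(2020, 12, 14)))
```

The baseline rule only works if the learning window is clean; an intruder who is already present when monitoring starts is learned as normal, which is exactly why the post-compromise tooling mentioned above, run retrospectively, still matters alongside live alerting.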