SolarWinds Hackers Gain Access to Portion of Source Code for Three Microsoft Products
Hackers behind the SolarWinds attack gained access to source files from Microsoft Azure, Exchange, and Intune, according to an internal study by Microsoft. According to the company, a small number of files were involved.
Microsoft previously announced that the intruders could get to the company’s source code. It now appears that three specific products are involved: the cloud service Azure, the cloud management service Intune and the mail and calendar service Exchange.
Microsoft reaches that conclusion in an internal investigation that has now been completed. In it, Microsoft also writes that no evidence was found that the attackers had access to customer data and that there is no indication that Microsoft systems were used in attacks on others.
The attackers were able to search some source code repositories. Within Microsoft, all employees can view the code of products and services, but they cannot change the code. The attackers were looking for trade secrets in the code repositories, but according to Microsoft, writing trade secrets in code is not allowed and this is always checked. As a result, the attackers were unable to loot any company secrets.
In December, Microsoft learned that attackers had accessed a source file in late November and immediately denied them access to the systems. According to Microsoft, the attackers kept trying until early January to gain access to the systems, but were unsuccessful. The company says that while searching the repositories the attackers couldn’t access all of the source files of Microsoft products, only a few individual files.
These include a small number of Azure source files, focused on services, security, and identity, and some Intune and Exchange files. In addition, the attackers were unable to find login details for accounts with, for example, admin privileges. Earlier, Microsoft reported that the hackers had taken over several internal accounts, one of which was used to look up source code. That account did not have permission to modify the code.
The massive SolarWinds attack came to light in December. According to the US government, at least 100 companies and nine governments have been affected. That number is lower than previous estimates, but could rise.