SolarWinds attackers downloaded source code from Microsoft's Azure, Intune, and Exchange
While the SolarWinds attackers managed to download portions of the source code of three Microsoft services, they did not gain access to customer data.
What you need to know
- The SolarWinds hackers were able to obtain a portion of source code from three Microsoft services.
- Small subsets of source code from Azure, Intune, and Exchange were downloaded by the attackers.
- Microsoft concluded that the attackers were not able to obtain customer data.
Microsoft recently completed its internal investigation of the SolarWinds attack. The investigation concluded that the people behind the attack did not gain access to customer data. The hackers did, however, manage to download a portion of the source code for Microsoft's Azure, Intune, and Exchange services.
Microsoft states in a blog post:
Microsoft also details that the attacks were able to download part of the source code of three of its products:
- A small subset of Azure components (subsets of service, security, identity)
- A small subset of Intune components
- A small subset of Exchange components
The attackers were likely seeking to find secrets based on the search terms that they used. Microsoft explains that it does not keep secrets in its code and that it uses automated tools to verify compliance with its rules related to this.
Microsoft President Brad Smith recently said that the SolarWinds attack was probably the "largest and most sophisticated attack the world has ever seen." The attacks targeted government agencies, NVIDIA, Intel, Cisco, Belkin, and other organizations.
The US government believes that Russia was behind the attack, though that's not confirmed at this point.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at email@example.com.