SolarWinds attackers downloaded source code from Microsoft's Azure, Intune, and Exchange

Microsoft logo
Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • The SolarWinds hackers were able to obtain a portion of source code from three Microsoft services.
  • Small subsets of source code from Azure, Intune, and Exchange were downloaded by the attackers.
  • Microsoft concluded that the attackers were not able to obtain customer data.

Microsoft recently completed its internal investigation of the SolarWinds attack. The investigation concluded that the people behind the attack did not gain access to customer data. The hackers did, however, manage to download a portion of the source code for Microsoft's Azure, Intune, and Exchange services.

Microsoft states in a blog post:

We have now completed our internal investigation into the activity of the actor and want to share our findings, which confirm that we found no evidence of access to production services or customer data. The investigation also found no indications that our systems at Microsoft were used to attack others. Because of our defense-in-depth protections, the actor was also not able to gain access to privileged credentials or leverage the SAML techniques against our corporate domains.

Microsoft also details that the attacks were able to download part of the source code of three of its products:

Latest Videos From
  • A small subset of Azure components (subsets of service, security, identity)
  • A small subset of Intune components
  • A small subset of Exchange components

The attackers were likely seeking to find secrets based on the search terms that they used. Microsoft explains that it does not keep secrets in its code and that it uses automated tools to verify compliance with its rules related to this.

Microsoft President Brad Smith recently said that the SolarWinds attack was probably the "largest and most sophisticated attack the world has ever seen." The attacks targeted government agencies, NVIDIA, Intel, Cisco, Belkin, and other organizations.

The US government believes that Russia was behind the attack, though that's not confirmed at this point.

Sean Endicott
News Writer

Sean Endicott is a News Writer at Windows Central, where he covers Windows 11, Surface hardware, Microsoft 365, AI, apps, and the broader PC ecosystem. Since joining the site in 2017, he has written well over a thousand articles across the Microsoft landscape, covering breaking news, analysis, and feature reporting.

He writes Windows Wrap, a weekly column covering the biggest stories in Windows and the PC industry, and what they mean for the platform going forward.

Before joining Windows Central full-time, Sean worked in journalism and media production after earning a First Class degree in Broadcast Journalism from Nottingham Trent University. Outside of tech, he is an award-winning American football coach based in Nottingham, England, and was named BAFCA Youth Coach of the Year in 2024.