SolarWinds hackers steal source code from Azure, Exchange and other Microsoft products

The infamous SolarWinds cyberattack keeps bringing undesirable consequences for public and private organizations around the world; an example of this is the latest announcement by Microsoft security teams.

The company revealed that its internal investigation into the incident is complete and that it can now confirm there is no evidence the attackers abused Microsoft's internal systems or official products to launch supply chain attacks, although it acknowledges that the attackers may have stolen sensitive information, including source code from products such as Azure, Exchange, and Intune.

According to the security report, threat actors accessed the following resources:

  • A small subset of Azure components
  • A subset of Intune components
  • A subset of Exchange components

The incident does not appear to have compromised Microsoft products; the company also rules out that this access gave the threat actors an additional pivot point into the affected networks.

Microsoft’s report states that the attackers leveraged the access gained through the compromised SolarWinds Orion software to reach Microsoft’s internal network, from where they downloaded these pieces of code: “Our research shows that the first visualization of a potentially malicious file occurred in late November, conduct that was corrected by securing the affected accounts.”

Although Microsoft cut off the illegitimate access at an early stage, the attackers kept trying to access some accounts from December 2020 into the early weeks of January 2021, well after the SolarWinds supply chain attack had been disclosed, which prompted Microsoft to launch a thorough investigation.

“It’s important to note that under no circumstances did attackers access the entire repository of a product or service, so most of the source code is completely safe,” Microsoft says. The company later added that malicious hackers obtained only a few individual files.

Based on the queries made against these repositories, Microsoft concluded that the threat actors were looking for highly sensitive information, such as access tokens, that would let them expand the intrusion to other parts of the target network. These searches were unsuccessful because of Microsoft’s development security practices, which anticipate this scenario and prohibit storing credentials or other sensitive information in source repositories.

To learn more about computer security risks, malware, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.