SolarWinds Hackers stole Microsoft source code

Microsoft's security team said today that it has formally completed its investigation into the SolarWinds breach and found no που να αποδεικνύουν ότι οι hackers κακοποίησαν τα εσωτερικά της συστήματα ή τα επίσημα to attack end users and businesses.

The company began investigating the breach in mid-December when it was discovered that Russian hackers had breached SolarWinds and introduced λογισμικό στην πλατφόρμα παρακολούθησης Orion IT, ένα που χρησιμοποιούσε η Microsoft εσωτερικά.

Microsoft said that after the intruder was cut off, hackers continued to try to gain access to Microsoft accounts throughout December and until early January 2021, weeks after revealing SolarWinds breach and after Microsoft made it clear that it was investigating the incident.

"There was no access to all the repositories from any product or service," the company's security team said today. "There was no access to the vast majority of source code."

Microsoft said that intruders appear to have focused on identifying access tokens that could be used to extend their access to other Microsoft systems.

The Redmond-based company said the searches failed because of internal security practices that prevented developers from storing access tokens.

The attackers, however, managed to download the source code of the company. However, Microsoft said the data was not extensive and that the intruders downloaded the source code of only a few items related to some of the cloud-based products.

According to Microsoft, these repositories contained code for:

a small subset of Azure components (subsets of service, security, identity)
a small subset of Intune components
a small subset of Exchange items

Overall, the incident does not appear to have corrupted Microsoft products or led hackers to gain extensive access to user data.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).