Microsoft security team said today that it has officially completed its investigation into the SolarWinds breach and found no evidence that hackers have abused its internal systems or official products to attack end users and businesses.
The company began investigating the breach in mid-December when it was discovered that Russian hackers had breached SolarWinds and introduced malware into the Orion IT monitoring platform, a product used internally by Microsoft.
Microsoft said that after the intruder was cut off, hackers continued to try to gain access to Microsoft accounts throughout December and until early January 2021, weeks after revealing SolarWinds breach and after Microsoft made it clear that it was investigating the incident.
"There was no access to all the repositories from any product or service," the company's security team said today. "There was no access to the vast majority of source code."
Microsoft said that intruders appear to have focused on identifying access tokens that could be used to extend their access to other Microsoft systems.
The Redmond-based company said the searches failed because of internal security practices that prevented developers from storing access tokens.
The attackers, however, managed to download the source code of the company. However, Microsoft said the data was not extensive and that the intruders downloaded the source code of only a few items related to some of the cloud-based products.
According to Microsoft, these repositories contained code for:
a small subset of Azure components (subsets of service, security, identity)
a small subset of Intune components
a small subset of Exchange items
Overall, the incident does not appear to have corrupted Microsoft products or led hackers to gain extensive access to user data.