Microsoft's security team said today that it has formally completed its investigation into the SolarWinds breach and found no evidence that hackers abused its internal systems or official products to attack end users and businesses.
The company began investigating the breach in mid-December when it was discovered that Russian hackers had breached SolarWinds and introduced malware into the Orion IT monitoring platform, a product used internally by Microsoft.
Microsoft said that after its shutdown accessAccording to the attacker, hackers continued to try to gain access to Microsoft accounts throughout December and into early January 2021, weeks after revealing SolarWinds breach and after Microsoft made it clear that it was investigating the incident.
"Δεν υπήρχε περίπτωση πρόσβασης σε όλα τα αποθετήρια από οποιοδήποτε προϊόν ή υπηρεσία", δήλωσε σήμερα η ομάδα ασφαλείας της εταιρείας. "Δεν υπήρχε πρόσβαση στη συντριπτική πλειοψηφία του πηγαίου κώδικα."
Microsoft said that intruders appear to have focused on identifying access tokens that could be used to extend their access to other Microsoft systems.
The company from Redmond stated that these searches failed due to internal security practices that prohibited developers from storing access tokens.
The attackers, however, managed to download the source code of the company. However, Microsoft said the data was not extensive and that the intruders downloaded the source code of only a few items related to some of the cloud-based products.
According to Microsoft, these repositories contained code for:
a small subset of Azure components (subsets of service, security, identity)
a small subset of Intune components
a small subset of Exchange items
Overall, the incident does not appear to have corrupted Microsoft products or led hackers to gain extensive access to user data.