Η team ασφαλείας της Microsoft δήλωσε σήμερα ότι ολοκλήρωσε επισήμως την έρευνά της για την παραβίαση της SolarWinds και δεν βρήκε στοιχεία που να αποδεικνύουν ότι οι hackers κακοποίησαν τα εσωτερικά της συστήματα ή τα επίσημα προϊόντα της για να επιτεθούν σε τελικούς χρήστες και businesses.
Η company άρχισε να ερευνά την παραβίαση στα μέσα Δεκεμβρίου, όταν ανακαλύφθηκε ότι Ρώσοι hackers παραβίασαν την SolarWinds και εισήγαγαν κακόβουλο λογισμικό στην platform Orion IT, a product used internally by Microsoft.
Microsoft said that after the intruder was cut off, hackers continued to try to gain access to Microsoft accounts throughout December and until early January 2021, weeks after revealing SolarWinds breach and after Microsoft made it clear that it was investigating the incident.
"There was no access to all the repositories from any product or service," the company's security team said today. "There was no access to the vast majority of source code."
Microsoft said that intruders appear to have focused on identifying access tokens that could be used to extend their access to other Microsoft systems.
The Redmond-based company said the searches failed because of internal security practices that prevented developers from storing access tokens.
The attackers, however, managed to download the source code of the company. However, Microsoft said the data was not extensive and that the intruders downloaded the source code of only a few items related to some of the cloud-based products.
According to Microsoft, these repositories contained code for:
a small subset of Azure components (subsets of service, security, identity)
a small subset of Intune components
a small subset of Exchange items
Overall, the incident does not appear to have corrupted Microsoft products or led hackers to gain extensive access to user data.