Security News > 2021 > February > Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code

Threat actors downloaded some Microsoft Exchange and Azure code repositories during the sprawling SolarWinds supply-chain attack but did not use the company's internal systems or products to attack other victims.
"We have now completed our internal investigation into the activity of the actor which confirms that we found no evidence of access to production services or customer data," the company said in a Microsoft Security Response Center blog post published Thursday.
Once embedded, the attackers were able to pick and choose which organizations to further penetrate.
Microsoft came out as one of those victims in December, acknowledging that malicious SolarWinds binaries were detected in its environment, which the company immediately isolated and removed, a spokesperson said at the time.
Threat actors apparently accessed and downloaded source code from a "small number of repositories," Microsoft said.
These repositories contained code for a small subset of Azure components, including those related to service, security and identity; a small subset of Intune components; and a small subset of Exchange components.
News URL
https://threatpost.com/microsoft-solarwinds-azure-exchange-code/164104/