Security News > 2021 > February > Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
Threat actors downloaded some Microsoft Exchange and Azure code repositories during the sprawling SolarWinds supply-chain attack but did not use the company's internal systems or products to attack other victims.
"We have now completed our internal investigation into the activity of the actor which confirms that we found no evidence of access to production services or customer data," the company said in a blog post on its Microsoft Security Response Center published Thursday.
Once embedded, the attackers were able to pick and choose which organizations to further penetrate.
Microsoft came out as one of those victims in December, acknowledging that malicious SolarWinds binaries were detected in its environment, which the company immediately isolated and removed, a spokesperson said at the time.
Threat actors apparently accessed and downloaded source code from a "Small number of repositories," Microsoft said.
These repositories contained code for: A small subset of Azure components including those related to service, security and identity; a small subset of Intune components; and a small subset of Exchange components.
News URL
https://threatpost.com/microsoft-solarwinds-azure-exchange-code/164104/
Related news
- Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft: Exchange 2016 and 2019 reach end of support in October (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)