Security News > 2021 > February > Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
Threat actors downloaded some Microsoft Exchange and Azure code repositories during the sprawling SolarWinds supply-chain attack but did not use the company's internal systems or products to attack other victims.
"We have now completed our internal investigation into the activity of the actor which confirms that we found no evidence of access to production services or customer data," the company said in a blog post on its Microsoft Security Response Center published Thursday.
Once embedded, the attackers were able to pick and choose which organizations to further penetrate.
Microsoft came out as one of those victims in December, acknowledging that malicious SolarWinds binaries were detected in its environment, which the company immediately isolated and removed, a spokesperson said at the time.
Threat actors apparently accessed and downloaded source code from a "Small number of repositories," Microsoft said.
These repositories contained code for: A small subset of Azure components including those related to service, security and identity; a small subset of Intune components; and a small subset of Exchange components.
News URL
https://threatpost.com/microsoft-solarwinds-azure-exchange-code/164104/
Related news
- Microsoft creates fake Azure tenants to pull phishers into honeypots (source)
- Microsoft warns Azure Virtual Desktop users of black screen issues (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)