Bose Work Remote Promo
Bose Work Remote Mobile Promo
Take Our Survey on Your IoT/Collaboration Plans & You Could Win a 60" 4K UHD Display!
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Downloads
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Network Security, News

Microsoft: SolarWinds Hackers Viewed, Downloaded Source Code for Azure, Intune, Exchange Components

In new blog, Microsoft maintains that none of its tools were leveraged to further attack victims of the SolarWinds supply chain hack.

February 22, 2021 Zachary Comeau Leave a Comment

Microsoft Data Center

Although Microsoft maintains that none of its tools were leveraged by the threat group behind the SolarWinds Orion compromise, the company did disclose that the hackers viewed source code for a small subset of Azure, Intune and Exchange components.

In a Microsoft Security Response Center blog on the final update of the company’s internal investigation into the SolarWinds attack, the company reiterated that it found no evidence of access to production services or customer data, and no Microsoft systems were used to further the attack.

Microsoft has emerged as a leading voice in the tech industry’s response to the attack that has impacted some 18,000 networks and several sensitive U.S. government departments. Earlier this month, Microsoft President Brad Smith called the attack the “largest and most sophisticated” ever.

Smith, alongside several other technology and cybersecurity executives, are scheduled to testify on the attacks at a U.S. Senate Intelligence Committee hearing this week.

Microsoft also said the hackers – allegedly backed by the Russian government – were not able to access privileged credentials or leverage the SAML techniques against the company’s corporate domains.

However, the company was forced to take action to secure it systems after detecting “unusual activity” in December that included viewing of a file in a source repository in late November. Additional attempts – although unsuccessful – continued until early January.

Related: Tips for Buying Cybersecurity Technology

“There was no case where all repositories related to any single product or service was accessed,” the blog said. “There was no access to the vast majority of source code. For nearly all of code repositories accessed, only a few individual files were viewed as a result of a repository search.”

However, there was additional access for a small number of repositories, and in some cases, component source code was downloaded.

According to Microsoft’s blog, the repositories contained code for a small subset of Azure, Intune and Exchange components.

The company said the hackers used search terms that indicated they were after Microsoft’s secrets, but a corporate policy prohibits secrets in code, and automated tools help verify compliance.

“Because of the detected activity, we immediately initiated a verification process for current and historical branches of the repositories,” Microsoft said in the blog. “We have confirmed that the repositories complied and did not contain any live, production credentials.”

The company also said the attacks have reinforced two key concepts: Zero Trust and protecting privileged credentials. Best practices were shared in a separate blog on the matter. 

Tagged With: Cybersecurity, Microsoft, SolarWinds

Related Content:

  • FireEye Microsoft SolarWinds FireEye, Microsoft Detail Additional Malware Linked to SolarWinds…
  • Microsoft Teams AVI-SPL, Unify Square To Co-Deliver Microsoft Teams User…
  • Nureva HDL300 Audio Conferencing System Nureva HDL300 Audio Conferencing Systems Covers Nearly 30…
  • AV installers, intelligent automation benefits, definition, knowledge management automation How Knowledge Management Automation Is Key to Post-Pandemic…

Free downloadable guide you may like:

  • Introducing the IT Pro MBA: Vetting Technology

    At some point in your career there is going to come a time when you are tasked with reviewing and vetting new tech to implement into your company. Sometimes the hardest part of the whole thing is just getting started. In this new series from My TechDecisions, the IT Pro MBA: Vetting Technology guide deep-dives […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Introducing the IT Pro MBA: Vetting Technology

At some point in your career there is going to come a time when you are tasked with reviewing and vetting new tech to implement into your company. ...

9 Technology Products to Help Combat COVID-19 Spread in the Workplace

As the Coronavirus continues on and leads us further into uncertainty, the question remains, “when do we return to the office?” For some the answer...

Top 9 Reasons Enterprise IT Leaders Are Moving Their Video Surveillance to the Eagle Eye Cloud

Working in IT has enough challenges without adding in the complications of surveillance video. Things like total cost of maintenance, how the VMA m...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Terms of Use
  • Privacy Policy
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!

© 2021 Emerald X, LLC. All rights reserved.