Microsoft’s security team completed its investigation into its SolarWinds-related breach and found no evidence that hackers abused its internal systems or official products to pivot and attack end-users and business customers.
The OS maker began investigating the breach in mid-December after it was discovered that Russian-linked hackers breached and inserted malware inside the Orion IT monitoring platform, a product that Microsoft had also deployed internally.
Microsoft said it discovered that hackers used the access they gained through the SolarWinds Orion app to pivot to Microsoft’s internal network, where they accessed several internal projects.
Microsoft said that after cutting off the intruder’s access, the hackers continued to try to access Microsoft accounts throughout December and even up until early January 2021.
There was no case where all repositories related to any single product or service was accessed,the company’s security team informed There was no access to the vast majority of source code.
Microsoft said that based on the search queries attacker performed inside their code repositories, the intruders appeared to have been focused on locating secrets that they could be used to expand their access to other Microsoft systems.
Per Microsoft, these repositories contained code for:
- a small subset of Azure components (subsets of service, security, identity)
- a small subset of Intune components
- a small subset of Exchange components
All in all, the incident doesn’t appear to have damaged Microsoft’s products or have led to hackers gaining extensive access to user data.