Microsoft Announced SolarWinds Hackers Downloaded Some Azure, Exchange Source Code

Must Read
Sienna Rowley
Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

On Thursday, Microsoft announced that the SolarWinds hackers obtained access to the source code for a restricted number of Azure, Intune, and Exchange components.

Last year in December, it was revealed that the SolarWinds’ network management company underwent a complex cyberattack that enabled hackers to build a supply chain attack that target’s the company’s clients.

Following the internal investigations in December 2020, Microsoft affirmed SolarWinds supply chain hackers obtained access to a few of its internal accounts. However, the hacker could only obtain access to a reduced amount of source code repositories.

Some Azure Exchange Source Code Was Downloaded

On Thursday, Microsoft has released the definitive update into their examination and concluded that the hackers could only obtain access to some files for several repositories.

However, for a few repositories such as Azure, Intune, and Exchange, the threat actors will be able to download component source code.

For a minimal number of repositories, there was added access, including in a few cases, the hackers were able to download component source code. These repositories enclosed code for:

  • a small subset of Azure components (subsets of service, security, identity)
  • a small subset of Intune components
  • a small subset of Exchange components

If any credentials were embedded in the source code, it would have likely permitted the attackers to obtain furtheraccess to Microsoft’s systems.

Microsoft says that they have a severe development policy that forbids saving secrets in source code and utilize automated tools to test and check this compliance.

Microsoft’s investigation concluded that the accessed code didn’t consist of any credentials.

“We have affirmed that the repositories complied and didn’t consist of any live, production credentials,” Microsoft stated in a final report.

Subscribe to our newsletter for the latest security news right from the security and research industries. 

- Advertisement -spot_img
Latest News

SparkyLinux 6.6 Now Available to Download

Debian-based GNU/Linux distro, SparkyLinux has got a new update Sparky 6.6 named as Po Tolo. Based on Debian 11, Sparky...
- Advertisement -spot_img

More Articles Like This