Friday, July 23, 2021

SolarWinds hackers downloaded Azure, Exchange, and Intune source code says Microsoft

Must Read

Cashalo users Data of 3.3 million sold on the dark web: NPC

Sensitive information of Cashalo users has been sold on the dark web, NPC said on Tuesday. The National Privacy Commission...

Kobalos malware is targeting supercomputers worldwide

A small but complex variation of malware is targeted at significant computer users worldwide. Reverse engineered by ESET and described...

This software flaw Has Been used to break into Networks, so update Quickly

A vulnerability in MobileIron mobile device management applications is used by state-backed hackers and organized crime warns the safety...

Microsoft’s security team said today it had officially completed its SolarWinds-related criminal investigation and found no evidence that hackers were abusing its internal systems or legal products to assault and attack end-users and business customers.

Microsoft says it has completed an investigation into its SolarWinds-related violations.

The OS maker began investigating violations in mid-December after discovering that hackers linked to Russia had hacked software vendor SolarWinds and installed malware inside the Orion IT monitoring platform, a Microsoft product also used internally.

In a blog post published on December 31, Microsoft said it found hackers used their access through the SolarWinds Orion app to create a Microsoft internal network, where they access the source code for many internal projects.

“Our analysis shows that the first file search in the archive was in late November and ended when we received the affected accounts,” the company said today, in its final report on the SolarWinds-related violations.

Microsoft said that after breaking into the intruder, hackers continued to access Microsoft accounts throughout December until early January 2021, weeks after the SolarWinds violations were revealed and after Microsoft made it clear that they were investigating the incident.

“There was no case where all the bins related to any single product or service were found,” the company’s security team said today. “It could not be accessed in bulk source code.”

Instead, the OS maker said the intruders viewed “only a few files […] as a result of a cached search.”

Microsoft claims that based on the interrogatories inside the archives, the intruders appear to be focusing on obtaining secrets (access tokens) that can be used to increase their access to other Microsoft services.

The Redmond company said the search had failed due to internal code-breaking practices that prevented developers from keeping secrets within the source code.

Microsoft says, these repositories contain code for:

  • a small subset of Azure items (service sets, security, identity)
  • a small subset of Intune components
  • a small subset of Exchange components

Hackers Also Downloaded Some additional Source Code

But in addition to viewing the files, hackers are also able to download specific code. However, Microsoft has stated that the data is not sensitive and that users can only download source code for a few of their cloud-based products.

Overall, this incident does not appear to have harmed Microsoft products or led hackers to gain widespread access to user information.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This