Microsoft’s security team said today it had officially completed its SolarWinds-related criminal investigation and found no evidence that hackers were abusing its internal systems or legal products to assault and attack end-users and business customers.
Microsoft says it has completed an investigation into its SolarWinds-related violations.
The OS maker began investigating violations in mid-December after discovering that hackers linked to Russia had hacked software vendor SolarWinds and installed malware inside the Orion IT monitoring platform, a Microsoft product also used internally.
In a blog post published on December 31, Microsoft said it found hackers used their access through the SolarWinds Orion app to create a Microsoft internal network, where they access the source code for many internal projects.
“Our analysis shows that the first file search in the archive was in late November and ended when we received the affected accounts,” the company said today, in its final report on the SolarWinds-related violations.
Microsoft said that after breaking into the intruder, hackers continued to access Microsoft accounts throughout December until early January 2021, weeks after the SolarWinds violations were revealed and after Microsoft made it clear that they were investigating the incident.
“There was no case where all the bins related to any single product or service were found,” the company’s security team said today. “It could not be accessed in bulk source code.”
Instead, the OS maker said the intruders viewed “only a few files […] as a result of a cached search.”
Microsoft claims that based on the interrogatories inside the archives, the intruders appear to be focusing on obtaining secrets (access tokens) that can be used to increase their access to other Microsoft services.
The Redmond company said the search had failed due to internal code-breaking practices that prevented developers from keeping secrets within the source code.
Microsoft says, these repositories contain code for:
- a small subset of Azure items (service sets, security, identity)
- a small subset of Intune components
- a small subset of Exchange components
Hackers Also Downloaded Some additional Source Code
But in addition to viewing the files, hackers are also able to download specific code. However, Microsoft has stated that the data is not sensitive and that users can only download source code for a few of their cloud-based products.
Overall, this incident does not appear to have harmed Microsoft products or led hackers to gain widespread access to user information.