Sunday, October 17, 2021

SolarWinds hackers downloaded Azure, Exchange, and Intune source code says Microsoft

Microsoft’s security team said today it had officially completed its SolarWinds-related criminal investigation and found no evidence that hackers were abusing its internal systems or official products to attack end users and business customers.

Microsoft says it has completed an investigation into its SolarWinds-related breach.

The OS maker began investigating the breach in mid-December after discovering that hackers linked to Russia had breached software vendor SolarWinds and installed malware inside the Orion IT monitoring platform, a product Microsoft also used internally.

In a blog post published on December 31, Microsoft said it found that the hackers used their access through the SolarWinds Orion app to move into Microsoft's internal network, where they accessed the source code for many internal projects.

“Our analysis shows that the first file search in the archive was in late November and ended when we received the affected accounts,” the company said today, in its final report on the SolarWinds-related breach.

Microsoft said that after breaking into the intruder, hackers continued to access Microsoft accounts throughout December until early January 2021, weeks after the SolarWinds breach was revealed and after Microsoft made it clear that it was investigating the incident.

“There was no case where all the bins related to any single product or service were found,” the company’s security team said today. “It could not be accessed in bulk source code.”

Instead, the OS maker said the intruders viewed “only a few files […] as a result of a cached search.”

Microsoft says that, based on the search queries run inside the repositories, the intruders appear to have been focused on finding secrets (access tokens) that could be used to expand their access to other Microsoft services.

The Redmond company said the search had failed due to internal coding practices that prevented developers from keeping secrets within the source code.

Microsoft says these repositories contain code for:

  • a small subset of Azure components (service sets, security, identity)
  • a small subset of Intune components
  • a small subset of Exchange components

Hackers Also Downloaded Some Additional Source Code

But in addition to viewing the files, the hackers were also able to download some code. However, Microsoft has stated that the data is not sensitive and that the intruders could only download source code for a few of its cloud-based products.

Overall, this incident does not appear to have harmed Microsoft products or led hackers to gain widespread access to user information.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
