Source code for Microsoft Azure, Exchange, and Intune stolen

Source code for Microsoft Azure, Exchange, and Intune stolen by the SolarWinds hackers.

This Thursday, Microsoft announced that the malicious actors behind the infamous SolarWinds hack have managed to steal source code related to the company’s products and services. This was revealed after a thorough analysis where it became evident that a limited number of internal accounts have shown suspicious behavior.

The disclosure is based on an earlier update dated 31 December 2020 which revealed the compromise of Microsoft’s network.

The company has detected that a single account was used to access source code in a number of source code repositories. Fortunately, the compromised account had no permissions to make any changes to code or engineering systems. The follow-through investigation has confirmed that no changes have been made.

However, this wasn’t the only way the company’s networks were compromised. The research has revealed that, aside from searching through repositories, the SolarWinds hackers were able to download component source code related to Azure, Intune, and Exchange. According to Microsoft, a small subset of components of these three software products were accessed. The subsequent check concluded the search terms used by the hackers have indicated that they were seeking to discover secrets.

There has been no indication that the SolarWinds attackers have exploited Microsoft’s internal infrastructure for attacking other businesses or getting access to customer details or services related to production.

In a publication earlier in January, Microsoft called up for adopting a Zero Trust mindset and recommended organizations to enable multi-factor authentication in order to minimize security risks and protect privileged access by third parties.

 in order to gain the least privileged access and reduce risks, Microsoft proposed that businesses follow a zero confidence mindset by allowing multi-factor authentication.

The hacking campaign that has taken advantage of SolarWinds Orion software to inject it with malicious code that was then distributed to thousands of its customers only confirms the need for a Zero Trust attitude that should start at the code level and expand end-to-end on all systems.