Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code

Threat actors downloaded some Microsoft Exchange and Azure code repositories during the sprawling SolarWinds supply-chain attack but did not use the company’s internal systems or products to attack other victims. That’s the final verdict this week by the tech giant now that it’s completed a comprehensive investigation into the attack, which was discovered in December and continues to have repercussions across the industry. “We have now completed our internal investigation into the activity of the actor … which confirms that we found no evidence of access to production services or customer data,” the company said in a blog post on its Microsoft Security Response Center published Thursday. “The investigation also found no indications that our systems at Microsoft were used to attack others.” Click to Register Texas-based SolarWinds was the primary victim of the now-infamous cyberattack believed to be the work of Russian state-sponsored actors. During the attack, adversaries used SolarWinds’ Orion network management platform to infect users with a stealth backdoor called “Sunburst” or “Solorigate,” which opened the way for lateral movement to other parts of a network. The backdoor was pushed out via trojanized product updates to almost 18,000 organizations around the globe—including high-profile victims such as the U.S. Department of Homeland Security (DHS) and the Treasury and Commerce departments—starting last spring. Once embedded, the attackers were able to pick and…

Source