Microsoft has released a final report regarding its internal investigation into the SolarWinds breach, which was initiated after the company detected an unusual activity on its systems back in December.
The investigation revealed that the attackers got access to some repositories and downloaded source code for three company’s products, namely the cloud computing service Azure, the cloud-based management solution Intune and the mail and calendar server Exchange. In all cases the hackers only downloaded a small subset of files, Microsoft says, and search terms used by the threat actor indicate that they were interested in company’s secrets.
“Our development policy prohibits secrets in code and we run automated tools to verify compliance. Because of the detected activity, we immediately initiated a verification process for current and historical branches of the repositories. We have confirmed that the repositories complied and did not contain any live, production credentials,” Microsoft said.
The tech giant stressed that the attackers did not gain access to any of its products or services, as well as the vast majority of source code. Also, the company did not find any evidence that its systems were used to launch attacks against other victims. Microsoft also determined that no production services or customer data were compromised during the breach.