Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code

Threat actors downloaded some Microsoft Exchange and Azure code repositories during the sprawling SolarWinds supply-chain attack but did not use the company’s internal systems or products to attack other victims.

That’s the final verdict this week by the tech giant now that it’s completed a comprehensive investigation into the attack, which was discovered in December and continues to have repercussions across the industry.

“We have now completed our internal investigation into the activity of the actor … which confirms that we found no evidence of access to production services or customer data,” the company said in a blog post on its Microsoft Security Response Center published Thursday. “The investigation also found no indications that our systems at Microsoft were used to attack others.”

Read more…
Source: ThreatPost