SolarWinds hackers hunted for Microsoft codes for yearsEuropost
Microsoft admitted that the SolarWinds hackers spent years in training prior to the worst security breach in the security of US government agencies, Reuters reported. The hackers were aiming at the secret source code for authenticating customers, potentially aiding one of their main attack methods.
Microsoft said that its internal investigation had found the hackers studied parts of the source code instructions for its Azure cloud programs related to identity and security, its Exchange email programs, and Intune management for mobile devices and applications. Some of the code was downloaded, the company said, which would have allowed the hackers even more freedom to hunt for security vulnerabilities, create copies with new flaws, or examine the logic for ways to exploit customer installations. Microsoft had said before that the hackers had accessed some source code, but had not said which parts, or that any had been copied.
US authorities said the breaches revealed in December extended to nine federal agencies and 100 private companies, including major technology providers and security firms. They said the Russian government is likely behind the spree, which Moscow has denied.
At the most prized of the thousands of SolarWinds customers that were exposed last year, the hackers added new Azure identities, added greater rights to existing identities, or otherwise manipulated the Microsoft programs, largely to steal email. Some hacking also used such methods at targets which did not use SolarWinds. Microsoft previously acknowledged that some of its resellers, who often have continual access to customer systems, had been used in the hacks. It continues to deny that flaws in anything it provides directly have been used as an initial attack vector.