In an update released this Thursday, Microsoft disclosed that the hackers responsible for the SolarWinds attack have also stolen some source code related to Azure, Exchange, and Intune components. However, the tech giant added that their investigation did not point to any evidence of abuse targeted at their internal systems and its customers.
Microsoft took notice of this compromise back on December 31,2020, when they discovered evidence of unusual activity. They quickly uncovered that one of their accounts was used to view source code in some source code repositories. However since the account had restricted access to modify the source code, major ramifications have been prevented.
In the light of the SolarWinds breach, Microsoft has urged enterprises to adopt a zero-trust mentality – to bestow only the absolute necessary privilege and enforce multi-factor authentication.