slide image

SolarWinds hackers downloaded some Microsoft source code for Azure, Exchange, and Intune

(Reuters) — The hackers behind the worst intrusion of U.S. government agencies in years won access to Microsoft’s secret source code for authenticating customers, potentially aiding one of their main attack methods.

Microsoft said in a blog post on Thursday that its internal investigation had found the hackers studied parts of the source code instructions for its Azure cloud programs related to identity and security, its Exchange email programs, and Intune management for mobile devices and applications.

Some of the code was downloaded, the company said, which would have allowed the hackers even more freedom to hunt for security vulnerabilities, create copies with new flaws, or examine the logic for ways to exploit customer installations.

Microsoft had said before that the hackers had accessed some source code, but had not said which parts, or that any had been copied.

U.S. authorities said Wednesday the breaches revealed in December extended to