SolarWinds hackers studied Microsoft source code for authentication and email

Joseph Menn

SAN FRANCISCO, Feb 18 (Reuters) - The hackers behind the worst intrusion of U.S. government agencies in years won access to Microsoft's secret source code for authenticating customers, one of the biggest vectors used in the attacks.

Microsoft said in a blog post Thursday that its internal investigation had found that the hackers studied parts of the source code instructions for its Azure cloud programs related to identity and security, its Exchange email programs, and Intune management for mobile devices and applications.

Some of the code was downloaded, the company said, which would have allowed the hackers more freedom to hunt for security vulnerabilities, create copies with new flaws, or examine the logic for ways to exploit customer installations.

Microsoft had said before that the hackers had accessed some source code, but had not said which parts, or that any had been copied.

U.S. authorities said Wednesday the breaches revealed in December extended to nine federal agencies and 100 private companies, including major technology providers and security firms. They said the Russian government is likely behind the spree, which Moscow has denied.

Initially discovered by security provider FireEye Inc, the hackers used advanced skills to insert software back doors for spying into widely used network-management programs distributed by Texas-based SolarWinds Corp.

At the most prized of the thousands of SolarWinds customers that were exposed last year, the hackers added new Azure identities, added greater rights to existing identities, or otherwise manipulated the Microsoft programs, largely to steal email. Some hacking also used that method on targets which did not use SolarWinds.

Microsoft previously acknowledged that some of its resellers, who often have continual access to customer systems, had been used in the hacks. It continues to deny that flaws in anything it provides directly have been used as an initial attack vector.

The company said Thursday it had completed its probe and that it had "found no indications that our systems at Microsoft were used to attack others."

Nevertheless, the problems with identity management have proved so pervasive in the recent attacks that multiple security companies have issued new guidelines and warnings as well as tools for detecting misuse.

(Reporting by Joseph Menn; editing by Jonathan Oatis)