Microsoft has reported that the SolarWinds were able to view the source code but did not change it. This has been stated by the tech giant in an update about its internal investigation into the SolarWinds security breach.
Microsoft had previously reported that it detected malicious SolarWinds applications in its environment. These were isolated and removed.
The investigation has discovered attempts by hackers that go beyond the mere presence of malicious SolarWinds code in the Microsoft environment. “This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what we’re learning as we combat what we believe is a very sophisticated nation-state actor,” the company said.
Microsoft also detected unusual activity with a small number of internal accounts. In addition, one account was used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and its investigation further confirmed no changes were made. Microsoft has investigated and remediated these accounts.
Read about the Microsoft investigation here.