The hackers behind the SolarWinds supply chain attack managed to escalate access inside Microsoft’s internal network and gain access to a small number of internal accounts, which they used to access Microsoft source code repositories, the company said on Thursday.
The OS maker said the hackers did not make any changes to the repositories they accessed because the compromised accounts only had permission to view the code but not alter it.
The news comes as an update to the company’s internal investigation into the SolarWinds incident, posted today on its blog.
Microsoft emphasized that despite viewing some source code, the threat actors did not escalate the attack to reach production systems, customer data, or use Microsoft products to attack Microsoft customers.
The Redmond-based company said its investigation is still ongoing.
Microsoft previously admitted on December 17 that it had used SolarWinds Orion, an IT monitoring platform, inside