The Redmond, Washington-based company said it found no evidence hackers had accessed production services or customer data, nor that they had used Microsoft's systems to attack others. But an investigation did reveal a lone internal account that was used to view source code "in a number of source code repositories."
"We believe the Solorigate incident is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks," the company said in Thursday's post. Microsoft added that it believes the intruders represented a "very sophisticated nation-state actor."
Microsoft first reported in mid-Dec. that it had detected malicious SolarWinds applications in its systems, which the company isolated and removed. On Thursday, it said that the sole account that was used to view source code had been "investigated and remediated."
Between March and June, hackers believed to be linked to Russia's foreign intelligence service (SVR) inserted malware in software updates for the IT software manufacturer SolarWinds' Orion IT infrastructure management software.
That hack led to security breaches at the Treasury Department, the National Telecommunications and Information Administration, the Department of Homeland and a number of SolarWinds' corporate clients, such as Microsoft.
“To put it bluntly, based on all the initial data and speaking with our Beltway contacts, we believe this cyber attack will likely rank as one of the worst in the last decade, given the targeted and cyber espionage nature of this attack,” wrote Wedbush analyst Dan Ives in a note published following the attack.
Ives added that "this breach could not have come at a worse time, with nearly all government agencies as well as enterprises having employees work from home likely until at least mid-2021 and accessing applications/data from ubiquitous endpoints globally.”
Microsoft shares were down 0.11% to $221.45 per share on Thursday afternoon but were off their lows during the final trading session of the year.