The hackers behind the massive SolarWinds cyber attack, an allegedly Russian-backed operation that has compromised networks at many US agencies and Fortune 500 companies, have also hacked into Microsoft’s internal systems and accessed one of the company’s best kept secrets: its source code.
“We detected unusual activity with a small number of internal accounts and, upon review, we found that one account was used to view the source code in various source code repositories,” said the Microsoft Security Response Center team in a blog post on Thursday.
Microsoft had previously confirmed that, like many other victims of the cyber attack, it inadvertently downloaded malicious code hidden in SolarWinds’ popular Orion Platform network management tool. But Thursday’s release is the first admission that hackers have accessed the company’s internal systems.
Exactly which parts of Microsoft’s source code repositories the hackers got their hands on is still unclear. Three people informed about the matter told Reuters that Microsoft has known for days that its source code has been breached. When contacted for comment, a Microsoft spokesman told the media that the company’s security team was working “24 hours a day” and that “when there is actionable information to share, they publish and share it”.
The company said on Thursday that the compromised account was only able to view Microsoft’s source code because it did not have the necessary permissions to tamper with it. Although its internal investigation is still ongoing, Microsoft said it has so far found “no evidence of access to production services or customer data” and “no indication that our systems were used to attack third parties”.
While hackers may not have been able to alter Microsoft’s source code, even taking a peek at the company’s secret sauce could have disastrous consequences. Evildoers can use this type of insight into the inner workings of Microsoft services to help them circumvent their security measures in future attacks. The hackers essentially obtained blueprints for how to potentially hack Microsoft products.
Experts believe that the state-sponsored Russian group known as APT29 infiltrated SolarWinds as early as 2019, but the attack went unnoticed until the beginning of this month. The team of highly sophisticated hackers allegedly used malware hidden in the Texas-based software company’s product, which could silently collect user data, such as internal correspondence, keystrokes and credentials.
According to SolarWinds, more than half of its 33,000 Orion customers may have been infected. Its clientele includes the Departments of Homeland Security, State and Treasury among dozens of other federal agencies, as well as three-quarters of the companies on the Fortune 500 list. Federal investigations are still ongoing and the scope of the attack is still being discovered, as illustrated by the latest Microsoft disclosure.