Microsoft hacked in Russia-linked SolarWinds cyber attack

Hackers linked to Russia who are behind a widespread cyber intrusion into US corporate and government systems were able to access internal systems within Microsoft Corp. and view the internal source code used to build software products, the company said on Thursday.

Microsoft had previously confirmed that it had downloaded malicious software from a vendor called SolarWinds Corp. that was modified by hackers. Thursday’s release is the first indication that the hackers were able to access Microsoft’s internal systems.

“We detected unusual activity with a small number of internal accounts and, upon review, we found that one account was used to view the source code in various source code repositories,” said Microsoft in a statement.

This compromised account was able to view Microsoft’s source code, but made no changes, the company said.

Microsoft’s revelation raises the specter that hackers may have targeted and compromised other technology companies as well, said Sherri Davidoff, chief executive of security consultancy LMG Security LLC. “That’s why these hackers are chasing these companies,” she said. “They don’t want to have access to just one company. They want access to everything.”

A Microsoft spokesman declined to say which products or internal systems were affected by the intrusion.

Microsoft “found no evidence of access to production services or customer data” and “no indication that our systems were used to attack third parties,” the company said.

The SolarWinds attack dates from at least October 2019 and has sparked a flurry of cyber investigations in government and private industry. Through a backdoor that the attackers installed on SolarWinds’ Orion network software, hackers found their way into systems belonging to the Department of Homeland Security, the State Department, the Treasury and Commerce departments and others.

US government and cybersecurity officials have linked the attack to Russia. The Kremlin has denied involvement in the hacks.

A Wall Street Journal analysis of internet logs identified infected computers in two dozen organizations that installed SolarWinds’ contaminated network monitoring software. Among them: technology giant Cisco Systems Inc., chip makers Intel Corp. and Nvidia Corp., and the accounting firm Deloitte LLP.

The hackers also compromised at least one reseller of Microsoft cloud computing services and tried to use this as a way to gain access to e-mails belonging to cybersecurity vendor CrowdStrike Inc.

That attempt was unsuccessful, CrowdStrike said last week. Microsoft is the second largest cloud computing company in the world, after Amazon.com Inc.

The SolarWinds attack went undetected for months and was discovered by FireEye Inc., a cybersecurity company, when the hackers set off an alarm. FireEye put more than 100 cyber detectives on the job of investigating the hack of its systems, before finally pinpointing SolarWinds software as the source of the compromise.

The U.S. government and corporate investigators are still trying to assess what information the hackers were able to collect on what cybersecurity officials have characterized as one of the biggest U.S. network breaches in recent years.

Software development technologies have long been considered a sensitive target in cyber attacks. Source code management systems, such as the ones the hackers accessed at Microsoft, are used by software developers to build their products. Having access to them can give hackers an insight into new ways to attack these products, security experts say.

“Having the source code can reduce time and analysis to identify vulnerabilities, but attackers are still able to identify vulnerabilities without the source code,” said Window Snyder, former head of security at Square Inc. “It’s another tool in the toolbox.”

In the case of SolarWinds, attackers were able to do more than simply view the source code. They compromised the system that SolarWinds used to assemble its finished software products and were able to insert malicious code into SolarWinds’ own software updates, which were sent to about 18,000 customers, including Microsoft and FireEye.

Write to Robert McMillan at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.