Microsoft hacked in Russia-linked SolarWinds cyber attack

The Russian-linked hackers behind a widespread cyber-intrusion into US corporate and government systems were able to gain access to internal systems within Microsoft Corp. and view the internal source code used to build software products, the company said Thursday.

Microsoft had previously confirmed that it had downloaded malicious software from a vendor called SolarWinds Corp., software that had been modified by the hackers. Thursday’s revelation is the first indication that the hackers were able to gain access to internal systems at Microsoft.

“We found unusual activity with a small number of internal accounts and on audit we found that one account had been used to view the source code in a number of source code repositories,” Microsoft said in a statement.

This compromised account was able to view Microsoft’s source code but not make any changes, the company said.

Microsoft’s revelation raises the specter that the hackers may have attacked and subsequently compromised other technology companies, said Sherri Davidoff, chief executive of security consultancy LMG Security LLC. “That’s why these hackers are going after these companies,” she said. “They don’t want access to just one company. They want access to everything.”

A Microsoft spokesperson declined to say which products or internal systems were affected by the breach.

Microsoft has “found no evidence of access to production services or customer data” and “no evidence that our systems were used to attack others,” the company said.

The SolarWinds attack dates back to at least October 2019 and has sparked a wave of cyber investigations within government and industry. Through a back door that the attackers installed in SolarWinds’ Orion network software, the hackers found their way into systems of the Department of Homeland Security, the State Department, the Treasury and Commerce departments and others.

The US government and cybersecurity officials have linked the attack to Russia. The Kremlin has denied involvement in the hacks.

A Wall Street Journal analysis of Internet records identified infected computers at two dozen organizations that installed SolarWinds’ compromised network monitoring software. Among them: technology giant Cisco Systems Inc., chip makers Intel Corp. and Nvidia Corp., and accounting firm Deloitte LLP.

The hackers also compromised at least one reseller of Microsoft’s cloud-based computing services and tried to use that to access emails from cybersecurity vendor CrowdStrike Inc. That attempt was unsuccessful, CrowdStrike said last week. Microsoft is the world’s second largest cloud computing company after Amazon.com Inc.

The SolarWinds attack went unnoticed for months and was discovered by FireEye Inc., a cybersecurity company, when the hackers triggered an alarm. FireEye put more than 100 cyber sleuths to work to investigate the hack of its systems before finally identifying SolarWinds’ software as the source of the compromise.

US government and corporate researchers are still trying to assess what information the hackers were able to gather in what cybersecurity officials have characterized as one of the biggest breaches of US networks in years.

Software development technologies have long been considered a sensitive target in cyber attacks. Source code management systems, such as those the hackers accessed at Microsoft, are used by software developers to build their products. By accessing them, hackers can gain insights into new ways to attack these products, security experts say.

“Having the source code can shorten the time and analysis required to identify vulnerabilities, but attackers can still identify vulnerabilities without source code,” said Window Snyder, formerly Chief Security Officer at Square Inc. “It’s another resource in the toolbox.”

In the case of SolarWinds, the attackers could do more than just view the source code. They compromised the system SolarWinds used to assemble the finished software products and were able to slip malicious code into SolarWinds’ proprietary software updates sent to approximately 18,000 customers, including Microsoft and FireEye.

Write to Robert McMillan at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.