Microsoft says SolarWinds hackers have also broken into its source code


The hackers behind the huge SolarWinds cyber attack, an operation reportedly backed by Russia that compromised networks at many U.S. agencies and Fortune 500 companies, also broke into Microsoft’s internal systems and gained access to one of the company’s best-kept secrets: its source code.

“We found unusual activity in a small number of internal accounts and on audit we found that one account had been used to view the source code in a number of source code repositories,” the Microsoft Security Response Center team said in a blog post on Thursday.

Microsoft had previously confirmed that, like scores of other cyber-attack victims, it had unwittingly downloaded malicious code hidden in SolarWinds’ popular network management tool, the Orion Platform. But Thursday’s revelation is the first acknowledgment that the hackers had access to internal company systems.

It remains unclear exactly which parts of Microsoft’s source code repositories the hackers got their hands on. Three people briefed on the matter told Reuters that Microsoft had known for days that its source code had been breached. When a Microsoft spokesperson was reached for comment on the matter, he told the outlet that the security team was working “around the clock” and that “when there is actionable information to share, they have published and shared it.”

The company said on Thursday that the compromised account could only view Microsoft’s source code because it did not have the necessary permissions to tamper with it. While the internal investigation is still ongoing, Microsoft said it has so far “found no evidence of access to production services or customer data” and “no evidence that our systems have been used to attack others.”

While hackers may not have been able to change Microsoft’s source code, even a sneak peek into the company’s secret sauce can have disastrous consequences. Bad actors could use that kind of insight into the inner workings of Microsoft’s services to help them bypass security measures in future attacks. The hackers essentially scored blueprints for potentially hacking Microsoft products.

Experts believe that a state-sponsored Russian group known as APT 29 had already infiltrated SolarWinds in 2019, but the attack went under the radar until earlier this month. The team of highly sophisticated hackers reportedly used malware tucked away in the Texas-based software company’s product that could quietly collect user data such as internal correspondence, keystrokes and credentials.

According to SolarWinds, more than half of Orion’s 33,000 customers may have been infected. Its clientele includes the Departments of Homeland Security, State, and Treasury among dozens of other federal agencies, as well as three-quarters of the Fortune 500 companies. Federal investigations are ongoing and the scale of the attack is still being uncovered, as Microsoft’s latest revelation illustrates.
