SolarWinds Hackers Accessed Microsoft Source Code

Microsft said, seeing source code isn’t a risk. There were some more attempted activities that were prevented by the company's security.

In its ongoing investigation of the massive SolarWinds attack, Microsoft recently unveiled that it has discovered that its systems were also infiltrated "beyond just the presence of malicious SolarWinds code."

Microsoft said that there was an unusual activity with a small number of internal accounts. During the investigation, the company discovered one account was used to view source code in a number of source code repositories. Since the account did not have the authority to modify any code or engineering systems and the investigation also further confirmed no changes were made.

The SolarWinds attack, which Microsoft called the world’s latest serious nation-state cyberattack,  effectively is an attack on the US and its government and other critical institutions, including security firms. The attack was initiated on the firm FireEye using malware inserted into network management software provided to customers by the tech company SolarWinds. Microsoft also detected malicious SolarWinds applications in its environment, which the company said isolated and removed.

The attack, according to Microsoft, is a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them. The cyberattack is ongoing and is being actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft. 

Source: Microsoft

The company also said that as it does not rely on the secrecy of source code for the security of products, and its threat models already assume that attackers have knowledge of source code, So seeing source code isn’t tied to an elevation of risk. "This activity has not put at risk the security of our services or any customer data." There were some attempted activities that were thwarted by the company's protections.