Microsoft Corp (NASDAQ:MSFT) has indicated that suspected Russian hackers that conducted cyberattacks on US government agencies and private companies managed to get to its source code.
SolarWind attackers view Microsoft’s source code
The company has continued to investigate the SolarWinds attack stating that the hackers went beyond the SolarWinds code and viewed source code in several source code repositories. However, the company has indicated that the hacked account that granted the access didn’t have the authorization to modify the system or any code. Further investigations revealed that there were no changes made and the company investigated the accounts and remediated them. The company said in a blog post that the hack didn’t compromise customer data or the company’s services.
Microsoft has claimed that the culprit of that attack was a “very sophisticated nation-state actor” but cybersecurity officials and the US government has linked Russia to be behind the attacks. The SolarWinds attack exposed a list of sensitive organizations and the disclosure from Microsoft is an indication that unraveling the implications of the attack could take weeks or even months.
Microsoft doesn’t use source code to protect products
Fortunately despite the hackers going deeper than previously anticipated, they didn’t access customer data or production services. The company says that there is no evidence that its services were used in hacking others and it assumes that adversaries can view its code which it doesn’t rely on to keep its products secure. Microsoft said that its model assumes that hackers have access to the code and therefore access to the code doesn’t mean increased risk. However the company didn’t reveal the extent to the exposure of the code or what they use the code for,
At the beginning of December, the company’s President Brad Smith said that the attack was a wake-up call and warned about its impact. He said that it was not espionage as usual or an attack on a specific target but rather an attack on reliability and trust of the most vital global infrastructure to advance a particular country’s intelligence agency.