Microsoft Says ‘SolarWinds’ Hackers Hacked Internal Source Code


Microsoft admitted Thursday that its internal “source code,” a critical building block for its applications, was accessed by the attackers behind a major hack of government and private computer networks.

But the US tech giant said the attack, attributed to Russian-led hackers by top US officials, did not compromise or alter any of its apps.

The news suggests an even larger attack vector for the abuse of security software developed by the US company SolarWinds. Hackers are also suspected to have had access to the programmes run by the US Treasury, Energy and Homeland Security Departments and a wide variety of other government and private sector victims.

Microsoft had previously noted “malicious SolarWinds applications” in its systems. In an update on its internal investigation, the organisation said the hackers got further into its databases than widely thought.

“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft said.

“The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”

Microsoft maintained that the latest revelation “has not put at risk the security of our services or any customer data, but we want to be transparent and share what we’re learning as we combat what we believe is a very sophisticated nation-state actor.”

The attack has been attributed to a Russian-led campaign by both US Attorney General Bill Barr and Secretary of State Mike Pompeo, though President Donald Trump has refused to point the finger at Moscow.

The Cybersecurity and Infrastructure Security Agency (CISA) said that US government institutions, vital infrastructure companies and private sector organisations were exposed in the months-long cyberattack.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.