Microsoft’s Source Code Accessed By the Hackers Included In SolarWinds Cyber Attack, Claims Microsoft
Microsoft revealed on Thursday, that the hacker group responsible for the cyberattack on SolarWinds was somehow able to cut in their corporation and viewed some of its source codes. Microsoft also mentioned that they have discovered some form of unusual activities in some of their internal accounts and when investigated, they were able to detect and locate that one of the accounts with unusual activities was used to view the source code from several source code repositories.
However, the account used to view the source code didn’t had any permissions to change the code or engineering systems in any way. Still, an investigation was done to be double-sure that no changes were made in any form. Later the accounts were further investigated and taken care of.
Microsoft also explains that how their threat models are designed with the assumption that attackers are already aware about their source code and relying on hiding source code for security should not be an option. With this approach, the source code is viewable within Microsoft and the breach that took place to view source code does not increase any chances of risk of a cyber attack.
Generally, the source code of the company or any organization has the highest security and is kept secret as long as possible. A source code is a text listing of commands that are assembled to make an executable computer program. It was already made clear that like all other firms, Microsoft too had found SolarWinds malicious software versions but the update about the viewing of source code via an internal account is new.
Microsoft didn’t clear out in detail about which source code repositories were accessed and exactly how many. It’s nowhere mentioned in the blog by Microsoft. But they made it clear the breached account was only used to view source code and never accessed any customer data and or production service. The facts included in the disclosure are a part of an on-going investigation.
This disclosure by Microsoft about the breaching of internal accounts and being used for viewing source code is another discovered breach being part of the cyberattack on the Texas-based company SolarWinds security software gaining access to networks of U.S. government and some other tech companies. It could also be seen as adding to compromises made in cyber attacks previously.
“We believe the Solorigate incident (SolarWinds supply chain attack) is an opportunity to work together in important ways, to share information, strengthen defenses and respond to attacks. Like other SolarWinds customers, we have been actively looking for indicators of the Solorigate actor and want to share an update from our ongoing internal investigation”, stated in Microsoft’s blog.