SolarWinds hackers accessed Microsoft source code

The firm doesn't consider this as an elevation of risk due to its open source development best practices

Programming code abstract on a reflective background

The cyber criminals that compromised SolarWinds in a sophisticated supply chain cyber attack broke into Microsoft and accessed the company’s source code as the list of confirmed victims expands beyond 250.

Microsoft confirmed that the attackers, linked by US authorities to the Russian state, accessed source code repositories as part of the attack, but didn’t alter the codebase at the heart of the firm’s core products and services. They did so through an internal account that had permissions to view, but not edit, these repositories. 

The company has suggested, however, that viewing access to source code isn’t tied to an elevation of risk due to the firm’s use of open source development best practices, which allows source code to be viewable by employees.

It was previously reported by Reuters that the hackers had compromised Microsoft as part of its efforts to load SolarWinds’ Orion security platform with malware, although the company denied that its own software was, in turn, used to attack others.

This is despite a Securities and Exchange Commission (SEC) filing revealing that Microsoft Office 365 accounts of SolarWinds employees were broken into. SolarWinds suggested, according to this document, that it was aware of an attack vector used to compromise the company’s emails, with this intrusion also granting attackers access to other data contained in its Microsoft-developed productivity suite.

The news comes as the list of confirmed victims of the gigantic hack continues to expand, with more than 250 US government agencies and businesses having been compromised, according to the New York Times

Although hackers effectively gained access to the networks of 18,000 SolarWinds public sector and business customers when they compromised the Orion security platform, probes were thought to have been sent to only a few dozen. This figure of 250, which the publication ascertained through multiple interviews, represents a much broader pool of potential victims.

The monster hack first emerged last month after FireEye disclosed that it had been compromised by foreign hackers, who made off with advanced penetration tools. Only afterwards did the US Cybersecurity and Infrastructure Security Agency (CISA), as well as Microsoft, warn of a supply chain attack involving SolarWinds

In the immediate aftermath of the revelations, Microsoft went so far as to block its customers from accessing malicious SolarWinds binaries for the compromised Orion platform. The company had previously released detections alerting users to the presence of these binaries, with a recommendation to isolate and investigate flagged devices. 

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
What is cyber warfare?
Security

What is cyber warfare?

2 Jun 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021
EU plans to launch bloc-wide cyber task force
cyber attacks

EU plans to launch bloc-wide cyber task force

22 Jun 2021