Hackers behind the massive SolarWinds Cyber Attack, An allegedly Russian-backed operation that led to the penetration of networks in several US agencies and companies on the Fortune 500 list, and also penetrated Microsoft’s internal systems and gained access to one of the company’s most guarded secrets: Its source code.
“We detected unusual activity with a small number of internal accounts, and upon review, we discovered that one account had been used to display source code in a number of source code repositories,” the Microsoft Security Response Center team said at Blog post Thursday.
Microsoft had a It was previously confirmed He, like dozens of other cyber attack victims, downloaded malicious code hidden in the popular network management tool SolarWinds Orion Platform. But the revelation released on Thursday is her first admission that hackers have accessed the company’s internal systems.
It remains unclear what parts of Microsoft’s source code repositories the hackers were able to obtain. Three people know about the topic To Reuters Microsoft has known for days that its source code has been hacked. Upon reaching for comment, a Microsoft spokesperson told the port that their security team was working “around the clock” and that “when there is actionable information to share, they publish and share it.”
The company said Thursday that the hacked account was only able to view Microsoft’s source code because it did not have the necessary permissions to tamper with it. While its internal investigation is still ongoing, Microsoft said it has yet to find “any evidence of accessing production services or customer data” and “no indications that our systems have been used to attack others.”
G / O Media may receive a commission
Although the hackers may not have been able to change Microsoft’s source code, just taking a peek at the company’s secret sauce could have dire consequences. Bad actors can use this kind of insight into the inner workings of Microsoft’s services to help them circumvent its security measures in future attacks. Hackers mainly scored schemes of how to compromise potential Microsoft products.
Experts think so Russian state sponsored group Known as ATP 29, SolarWinds broke through early in 2019, but the attack remained under the radar until earlier This month. The highly sophisticated team of hackers has reportedly used malware hidden away from the product of the Texas-based software company that can quietly collect user data such as internal correspondence, keystrokes and credentials.
to me SolarWindsIn fact, more than half of Orion’s 33,000 clients may have been infected. Its clients include the Ministries of Homeland Security, State, and Treasury, among dozens of other federal agencies, as well as three-quarters of the companies on the Fortune 500 list. FBI investigations are ongoing and the scope of the attack remains undisclosed, he explains. Microsoft recently revealed.
