The hackers behind the massive SolarWinds cyberattack, an operation allegedly backed by Russia that compromised networks at many U.S. agencies and Fortune 500 corporations, also broke into Microsoft’s internal systems and accessed the company’s most closely guarded secret: its source code.
“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” said the Microsoft Security Response Center team in a blog post on Thursday.
Microsoft had previously confirmed that it, like the scores of other cyberattack victims, unknowingly downloaded malicious code hidden in SolarWinds’ popular network management tool Orion Platform. But Thursday’s disclosure is its first admission that hackers accessed internal company systems.
Exactly what portions of Microsoft’s source code repositories the hackers managed to get their hands on remains unclear. Three people briefed on the matter told Reuters that Microsoft has known for days that its source code was breached. When reached for comment on the matter, a Microsoft spokesperson told the outlet that its security team was working “around the clock” and that “when there is actionable information to share, they have published and shared it.”
The company said Thursday that the compromised account was only able to view Microsoft’s source code as it did not have the necessary permissions to tamper with it. While its internal investigation is still ongoing, Microsoft said it has so far found “no evidence of access to production services or customer data” and “no indications that our systems were used to attack others.”
While hackers may not have been able to change Microsoft’s source code, even just sneaking a peek at the company’s secret sauce could have disastrous consequences. Bad actors could use that kind of insight into the inner workings of Microsoft’s services to help them circumvent its security measures in future attacks. The hackers essentially scored blueprints on how to potentially hack Microsoft products.
Experts believe that the state-sponsored Russian group known as APT 29 infiltrated SolarWinds as early as 2019, but the attack went under the radar until earlier this month. The team of highly sophisticated hackers reportedly used malware tucked away on the Texas-based software company’s product that could quietly harvest user data such as internal correspondence, keystrokes, and credentials.
According to SolarWinds, more than half of its 33,000 Orion customers may have been infected. Its clientele includes the Departments of Homeland Security, State, and Treasury among dozens of other federal agencies as well as three-fourths of the corporations on the Fortune 500 list. Federal investigations remain ongoing and the scope of the attack is still being uncovered, as Microsoft’s latest disclosure illustrates.