Microsoft says Solarwinds hackers merged into its source code


Illustrated for the article titled Microsoft says Solarwinds hackers have also broken into its source code

Photo: Jinnah Moon (Getty Images)

Hackers behind the giant Solarwinds cyberrate t c, Many U.S. The Russian-backed operation, which tampered with the networks of agencies and Fortune 500 corporations, also broke into MicroSF’s internal systems and sedated one of the company’s most closely guarded secrets.: Its source code.

The team at the Micro Security Security Response Center said: “We found unusual activity with a small number of internal accounts and on review we discovered that one account was used to view source code in many source code repositories. A blog post On thursday.

Microsoft had Previously confirmed It, like the scores of other cybertech victims, hides inadvertently downloaded malicious code in Solarwinds’ popular network management tool Orion Platform. But Thursday’s announcement is its first entry that hackers entered internal company systems.

It is unknown at this time what he will do after leaving the post. The matter was reported by three people Told Reuters Microsoft has known for several days that its source code was violated. When contacted for comment, a Microsoft spokesperson told Outlet that its security team works “twenty-four hours a day” and that “when it comes to sharing actionable information, they publish it and share it.”

The company said on Thursday that the compromising account was only able to view the source code of the micro .ft, as it did not have the necessary permissions to tamper with it. While its internal investigation is still ongoing, Microsoft said it has not yet found “any evidence of access to product services or customer data” and “no indication that our systems are being used to attack others.”

While hackers have not been able to change the source code of the micro .ft, clinging to the company’s secret sauce can have disastrous consequences. The bad actor, using this kind of insight into the internal operation of the services of Micro .ft can help prevent its security measures in future attacks. The hackers essentially created blueprints on how to potentially hack micro .ft products.

Experts believe that State-sponsored Russian group In early 2019 ATP 29 was known as infiltrating solarwinds, but until the attack was under radar This month. A team of sophisticated hackers using malware on the products of a Texas-based software company can quietly harvest user data such as internal correspondence, keystrokes and credentials.

According to Solarwinds, More than half of its 33,000 Orion customers would have been infected. Its clients include dozens of other federal agencies, including the Departments of Homeland Security, State and Treasury, as well as three-quarters of the corporations on the Fortune 500 list. The federal investigation is ongoing, and the latest revelations from Microsoft.com show that the opportunity for an attack is still open.

.