Microsoft agrees that the hackers viewed their source code
An illicit account associated with the SolarWinds hack was used to view some of Microsoft’s internal source code, the company revealed.
The hacking group behind the SolarWinds was able to break into Microsoft Corp and access some part of its source code, something experts said was a wrong move and sent a worrying signal.
However, Microsoft firmly rejected any risk associated with the intrusion, stating that the company’s software development relies on code sharing within the company, a practice called inner source.
The company agreed hackers viewed some of the underlying Microsoft software code but were not able to make any changes. The company said it found no evidence of hacker access to customer data and no indication that its systems were used to attack others.
Microsoft said that hackers tied to many US government agencies and private firms intruded deep into its systems than what was previously thought.
About a week ago it was reported that Microsoft-authorized resellers were hacked and access to the company’s productivity programs led to attempts to read an email.
Microsoft even said it had not found any evidence of access to production services. The company also stated it doesn’t rely on keeping the program code secret as a security measure.
The Cybersecurity experts and US officials suspect Russia was behind the hack that infiltrated over 40 federal agencies, including the departments of Treasury, Energy and Commerce, as well as government contractors. However, Russia has denied the blame.
The hack began as early as March 2020 when a malicious code was slipped into updates of the SolarWinds software. Microsoft responded to the breach with the help of the cybersecurity firm FireEye.
It is not clear still what parts of Microsoft’s source code repositories the hackers were able to access, but details suggest that the hackers who used SolarWinds software to break into US government networks also had an interest in discovering the workings of Microsoft products. Microsoft accepted some vendor access was misused but did not reveal how many customer accounts were breached.
Just modifying the source code could have potentially disastrous consequences on Microsoft products like the Office productivity suite and the Windows operating system. Experts also suggest that just reviewing the code could offer hackers insight that may likely help them sabotage Microsoft products or services.
Microsoft noted that it allows broad internal access to its code, and former employees agreed that it is more open than other companies.