Microsoft says SolarWinds hackers accessed company source code
Microsoft said Thursday that the SolarWinds hackers were able to access company source code, although the technology giant described the incident as largely harmless in an update to an internal investigation.
“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft said in a blog post. “The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”
The initial reports that Microsoft suffered a breach via updates to the SolarWinds Orion software generated some partial denials, but the investigation update helps illuminate what happened, and what didn’t, in an apparent cyber-espionage operation that also hit the federal government and other major companies.
Microsoft “found no evidence of access to production services or customer data. The investigation, which is ongoing, has also found no indications that our systems were used to attack others,” it said.
Microsoft had previously acknowledged that it discovered malicious SolarWinds applications in its systems.
It said that upon further investigation, it found no evidence of the common tools, techniques and procedures tied to the hackers’ aims of abusing Security Assertion Markup Language tokens with the goal of generating tokens that would allow access to cloud resources.
It’s also noteworthy that Microsoft’s approach to source code “means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code,” the post said. “So viewing source code isn’t tied to elevation of risk.”
Microsoft has dubbed the SolarWinds cyberattack “Solorigate,” something cybersecurity firm FireEye has called SUNBURST.
Besides its own role as a target of the SolarWinds hackers, Microsoft has sought to combat the cyber-espionage campaign by co-developing a “killswitch,” notifying potential victims, sharing intelligence and speaking out on the threat.