Microsoft said Thursday that the hacker group that attacked SolarWinds was able to penetrate its networks and gain access to the source code, which experts say is a wake-up call.
It is currently unclear how much information hackers who used SolarWinds software to hack into confidential US government networks and other organizations were able to obtain from the repositories about Microsoft's source code, but this post suggests that they were also interested in learning the inner workings of Microsoft products.
Prior to this, Microsoft had already reported that, like other companies, it had discovered malicious versions of SolarWinds software inside its network, but the disclosure of the source code was only said now. According to Reuters sources, the company itself learned about this a few days ago. A Microsoft spokesperson said that security personnel worked "around the clock," and that "when useful information is available to share, they share and publish it."
The SolarWinds hack is one of the most serious cyber operations ever uncovered and has affected a number of US federal agencies and possibly thousands of companies and other organizations.
The hackers, according to Microsoft, did not change the source code, but according to experts, even a simple code review can give hackers an insight that could help them further subvert Microsoft products or services.
Microsoft noted that it provides extensive internal access to its code, and former employees confirm that it is more open than other companies. “This means that we do not rely on source code secrecy to keep our products secure, and our threat models assume that attackers know the source code. Thus, viewing the source code is not associated with increased risk,” the company said.
Microsoft also clarified that it did not find any evidence of hackers gaining access to " production services or customer data. "
Sources: microsoft.com | Reuters
0 Comments