Microsoft Reveals SolarWinds Attackers Accessed Source Code

<p class="heading_excerpt">The tech giant is downplaying the news24nationificance of the access.</p>






















































        Microsoft has confirmed that the attackers behind the SolarWinds cyberattack successfully accessed company source code after compromising specific accounts with direct access.























        Microsoft doesn't believe the source code access will create any vulnerabilities in its extensive range of apps or Windows 10 itself, but disclosed the extent of the incident in a blog post.


















                SolarWinds Attackers Access Microsoft Source Code
















        The blog post on the Microsoft Security Response Center is another update from Microsoft on the SolarWinds cyberattack (which Microsoft refers to as "Solorigate").

















        Our investigation into our own environment has found no evidence of access to production services or customer data. The investigation, which is ongoing, has also found no indications that our systems were used to attack others.






















        However, the blog continues to explain that a small number of internal Microsoft accounts were compromised during the extensive cyberattack. One of those accounts was used to "view source code in a number of source code repositories," of which there are many thousands.






















        As the Microsoft account used to access the source code did not have permission to modify code, Microsoft is confident that no changes were made.






















        Related: Microsoft Reveals Actual Target of SolarWinds Cyberattack



















































        Accessing Microsoft source code sounds like a serious issue. However, Microsoft plan "security with an 'assume breach' philosophy," meaning the company works on the basis that attackers already have access to source code.





















        Furthermore, Microsoft takes an open-source approach to source code within the organization. Instead of hiding the source code away, the source code is viewable within Microsoft. Thus, all security is built from the ground up rather than relying "on the secrecy of source code for the security of products."





















        As source code for various Microsoft products has leaked online in recent years, this approach is more important than ever.



















                Are Other Tech Companies Affected by SolarWinds?
















        You've probably noticed one tech company talking about the SolarWinds cyberattack more than most. Microsoft is leading the way with transparency regarding the attack and its effect on the company and its products.





















        Related: Leading Cybersecurity Firm FireEye Hit by Nation-State Attack





















        But that doesn't mean Microsoft was the only tech company to fall foul of the cyberattack. We know that Cisco, Intel, Nvidia, Belkin, and VMware found the malware at the route of the attack on their internal networks.





















        Cybersecurity firm CrowdStrike also confirmed that the attackers had attempted to breach their network but failed, while FireEye said a "highly-sophisticated threat actor" had stolen several of its offensive hacking tools.





















        The biggest difference between Microsoft and the other tech firms (CrowdStrike and FireEye notwithstanding) is information disclosure. With up to 18,000 SolarWinds Orion customers potentially affected, the number of victims could still rise considerably.

















































        Why Charging Your Phone Overnight Is Bad
                        <p class="">Charging your smartphone overnight can damage the battery and shorten its lifespan. Here's everything you need to know.</p>













About The Author






        Gavin Phillips
                        (659 Articles Published)






            Gavin is the Junior Editor for Windows and Technology Explained, a regular contributor to the Really Useful Podcast, and was the Editor for MakeUseOf's crypto-focused sister site, Blocks Decoded. He has a BA (Hons) Contemporary Writing with Digital Art Practices pillaged from the hills of Devon, as well as over a decade of professional writing experience. He enjoys copious amounts of tea, board games, and football.


                        More From Gavin Phillips










                    Subscribe To Our Newsletter
                    Join our newsletter for tech tips, reviews, free ebooks, and exclusive deals!





                    One More Step…!
                    Please confirm your email address in the email we just sent you.