Microsoft says SolarWinds hackers have compromised its source code

An illustration of an article titled Microsoft says SolarWinds Hackers also broke in its source code

Photo: Jenna Moon (Getty Images)

Hackers behind the massive SolarWinds Cyber ​​Attack, An allegedly Russian-backed operation that led to the penetration of networks in several US agencies and companies on the Fortune 500 list, and also penetrated Microsoft’s internal systems and gained access to one of the company’s most guarded secrets: Its source code.

„We detected unusual activity with a small number of internal accounts, and upon review, we discovered that one account had been used to display source code in a number of source code repositories,” the Microsoft Security Response Center team said at Blog post Thursday.

Microsoft had a It was previously confirmed He, like dozens of other cyber attack victims, downloaded malicious code hidden in the popular network management tool SolarWinds Orion Platform. But the revelation released on Thursday is her first admission that hackers have accessed the company’s internal systems.

It remains unclear what parts of Microsoft’s source code repositories the hackers were able to obtain. Three people know about the topic To Reuters Microsoft has known for days that its source code has been hacked. When reached for comment on the matter, a Microsoft spokesperson told the implementer that their security team was working „around the clock” and that „when there is actionable information to share, they publish and share it.”

The company said Thursday that the hacked account was only able to view Microsoft’s source code because it did not have the necessary permissions to tamper with it. While its internal investigation is still ongoing, Microsoft said it has yet to find „any evidence of accessing production services or customer data” and „no indications that our systems have been used to attack others.”

Although the hackers may not have been able to change Microsoft’s source code, just taking a peek at the company’s secret sauce could have dire consequences. Bad actors can use this kind of insight into the inner workings of Microsoft’s services to help them circumvent its security measures in future attacks. Hackers mainly scored schemes of how to compromise potential Microsoft products.

Experts think so State sponsored Russian group Known as ATP 29, SolarWinds broke through early in 2019, but the attack remained under the radar until earlier This month. The highly sophisticated team of hackers has reportedly used malware hidden in the products of the Texas-based software company that can quietly collect user data such as internal correspondence, keystrokes and credentials.

to me SolarWindsIn fact, more than half of Orion’s 33,000 clients may have been infected. Its clients include the Ministries of Homeland Security, State, and Treasury, among dozens of other federal agencies, as well as three-quarters of the companies on the Fortune 500 list. FBI investigations are ongoing and the scope of the attack remains undisclosed, he explains. Microsoft recently revealed.

READ  Actualizări din sectorul energetic - Energie și resurse naturale

Lasă un răspuns

Adresa ta de email nu va fi publicată. Câmpurile obligatorii sunt marcate cu *