As Microsoft continues to investigate the massive SolarWinds attack, the company claims it has found that its systems were compromised “beyond just the presence of malicious SolarWinds code.” Microsoft says in an update from Security Response Center that hackers were able to “view source code in several source code repositories,” but that hacked account granting such access didn’t have permission to modify any code.
Although Microsoft refers to “a very sophisticated actor of the nation-state” as the culprit, Russia has been implicated by the US government and cybersecurity officials as the architects of the overall SolarWinds attack. An extensive list of sensitive organisations was exposed by the attack, and today’s Microsoft disclosure indicates that we will all be unravelling the effects of the attack for weeks and months to come.
Fortunately, Microsoft says that while hackers went deeper than previously known, it discovered “no evidence of access to production services or consumer data,” and “no indication that our systems were used to target others.” Also, the company says that it regularly expects that its source code can be viewed by adversaries and does not rely on source code to keep its services secure. How much code was viewed or what the exposed code was used for was not revealed by Microsoft.
Microsoft President Brad Smith said earlier this month that the attack was a “moment of reckoning” and warned about its threat. “This is not ‘espionage as usual,’ Smith said. “In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure to advance one nation’s intelligence agency.”