As Microsoft continues to investigate the massive SolarWinds attack, the company claims it has found that its systems were compromised “beyond just the presence of malicious SolarWinds code.” Microsoft says in an update from Security Response Center that hackers were able to “view source code in several source code repositories,” but that hacked account granting such access didn’t have permission to modify any code.
Although Microsoft refers to “a very sophisticated actor of the nation-state” as the culprit, Russia has been implicated by the US government and cybersecurity officials as the architects of the overall SolarWinds attack. An extensive list of sensitive organisations was exposed by the attack, and today’s Microsoft disclosure indicates that we will all be unravelling the effects of the attack for weeks and months to come.
Fortunately, Microsoft says that while hackers went deeper than previously known, it discovered “no evidence of access to production services or consumer data,” and “no indication that our systems were used to target others.” Also, the company says that it regularly expects that its source code can be viewed by adversaries and does not rely on source code to keep its services secure. How much code was viewed or what the exposed code was used for was not revealed by Microsoft.
Microsoft President Brad Smith said earlier this month that the attack was a “moment of reckoning” and warned about its threat. “This is not ‘espionage as usual,’ Smith said. “In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure to advance one nation’s intelligence agency.”
[…] Microsoft with its operating systems has already made a larger impact in the market but now it is shooting its effort against Apple’s Mac lineup. A new ad has been uploaded on the YouTube channel of Microsoft Surface regarding Surface Pro 7 depicting it as a better choice than Apple’s MacBook Pro. […]
[…] taking a job in cybersecurity John Fokker takes a job at the Dutch National Police in the role of Digital Investigations Expert. […]
[…] problem is Microsoft’s latest security nightmare. In December, SolarWinds hackers stole part of the company’s source code, in March, its Exchange email servers were penetrated and […]