Microsoft Source Code Accessed by SolarWinds Hackers

Source code is among a technology company’s most closely guarded secrets.

Edward Gately, Senior News Editor

January 4, 2021

3 Min Read
Source code

The hacker group that targeted SolarWinds software has accessed Microsoft source code, the instructions written when developing programs.

Microsoft’s investigation has revealed attempts beyond just the presence of malicious SolarWinds code in its environment.

“We detected unusual activity with a small number of internal accounts, and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft wrote in a blog. “The account did not have permissions to modify any code or engineering systems, and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”


Critical Start’s Randy Watkins

Source code is among a technology company’s most closely guarded secrets. And Microsoft has historically been careful about protecting it.

Randy Watkins is CriticalStart‘s CTO.

“Microsoft employs some of the best security practices in the world and has underscored that there did not appear to be any access to production or customer data,” he said. “There is still risk in attackers being able to view the source code. But I’m confident Microsoft is thoroughly investigating the potential impact and actively working to mitigate it.”

In the SolarWinds hack, the malicious hackers inserted Sunburst malware into SolarWinds‘ Orion software updates. The updates, released between March and June 2020, were sent to nearly 18,000 customers.

This led to security breaches at numerous U.S. government agencies. Specifically, the attackers breached the National Telecommunications and Information Administration (NTIA), the Department of Homeland Security (DHS) and more. The attackers also breached SolarWinds’ corporate clients.

Worse than Originally Thought

The hack has impacted at least 250 federal agencies and businesses according to a New York Times report. It says Russia exploited layers of the supply chain to access the agencies’ systems.

In addition, the federal government’s focus on protecting the November elections from foreign hackers may have taken resources and focus away from the software supply chain. And conducting the attack from within the United States likely allowed the hackers to evade detection by the DHS.

Watkins said though the Kremlin has denied it, almost all sources point to Russia being the perpetrator of the attack. He also said cybersecurity and Russian diplomacy converge in the SolarWinds attack.

“Both of these issues are major on their own, but with the attribution of this attack to Russia, it becomes a very sensitive issue,” he said.

Security teams in both the public and private sectors work diligently to protect networks and data, Watkins said.

“However, the cybersecurity stature of most organizations is still relatively immature and struggles to keep pace with the rest of the business,” he said. “With this attack emphasizing the threats we face, a renewed focus on cybersecurity will hopefully provide budget and accountability.”

Targeting Sensitive Information

The security community has consistently shown the right amount of concern, Watkins said.

“There is a default assumption of breach that we base our responses on, and that has certainly played in our favor with this scenario,” he said. “As more organizations come forward, the mentality is more focused around how to respond rather than lamenting the potential impact.”

It’s clear this attack primarily focused on those housing sensitive information. The hard truth? It’s easier to break in than it is to defend, Watkins said.

“The technology and data landscape are continuously evolving and changing, giving attackers additional surfaces to exploit,” he said. “That said, the cybersecurity industry continues to innovate in both technology and people. Education in the cybersecurity field is bringing in a new generation of offensive and defensive security individuals to combat the threats we face.”

Bar Block is threat intelligence researcher at Deep Instinct. She said there’s more bad news expected in the coming weeks. Even more organizations compromised by the malware will come forward.

“The large interest in the attack and its scale will probably result in the release of more technical details and behavioral evidence, as many in the cybersecurity field investigate the attack and analyze the malware samples,” she said.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like