Microsoft: SolarWinds hackers stole source code for three products

The hackers behind one of the most drastic breaches in US history accessed and downloaded significant Microsoft source code. However, Microsoft stated that there is no evidence the hackers could access production servers or any customer data. Microsoft also stated that it found no evidence of the hackers using compromised Microsoft services to attack any customers.

The company released the findings after completing a thorough investigation that started in December, when it learned of the network compromise. The breach was part of a severe, wide-ranging hack that compromised the distribution systems for the widely used Orion network-management software from SolarWinds and pushed malicious updates to Microsoft and around 18,000+ other customers. The hackers then used these updates to compromise nine major federal agencies and around 100 private-sector companies.

The federal government stated that the Kremlin most likely backed the hackers. A recent post by Microsoft stated that it conducted a thorough investigation into the network hack. “The analysis by Microsoft shows that the initial viewing of a file in a source code repository occurred in late November and ended when Microsoft secured the affected accounts. We also witnessed several unsuccessful attempts at access by the actor into early January 2021, when the attempts stopped.”

A significant part of the source code was never accessed. Microsoft stated that, for the repositories the hackers did access, only a handful of individual files were viewed as a result of a repository search. There was no case where all the repositories for a specific product or service were accessed.

For a handful of the repositories, there was additional access, including downloading the source code. The affected repositories held source code for:

  • A specific subset of Azure components (subsets of service, security, identity)
  • A specific subset of Intune components
  • A specific subset of Exchange components

The recent report also stated that, based on the searches the hackers conducted on the repositories, their intent seemed to be to uncover “secrets” contained in the source code.

“The development policy of Microsoft prohibits any secrets in code, and we regularly run automated tools to verify compliance,” Microsoft stated. “Because of the early detected activity, we could immediately initiate a thorough verification process for the current and historical branches of the various repositories. We thereby confirm that the repositories complied and didn’t have any live or production credentials.”

The hacking campaign started in October 2019, when the hackers used the SolarWinds software build system to conduct a test run. The campaign wasn’t detected until December 13, when security firm FireEye, which was itself a victim, first revealed the SolarWinds compromise and the resulting software supply chain attack on its customers. Other organizations that suffered include Malwarebytes, Mimecast, and the US departments of Energy, Commerce, Treasury, and Homeland Security.

Diana Coker

Senior Assistant Editor at Technowize. Diana Coker writes about Drones, Virtual Reality, Artificial Intelligence, Gadgets and Gaming. When she is not writing, she prefers exploring cities and new cultures. | Diana tweets over at @cokersays
