Microsoft claims SolarWinds hackers stole source code for 3 products




Shaded figures stand under a Microsoft logo on a faux wood wall.

The hackers behind one of the worst breaches in US history read and downloaded Microsoft’s source code, but there is no evidence that they were able to gain access to production servers or customer data, Microsoft said Thursday. The software maker also said it could not find any evidence that the hackers used the Microsoft compromise to attack customers.

Microsoft released the results after completing an investigation opened in December after learning that its network had been compromised. The breach was part of a large-scale hack that compromised SolarWinds’ widely used Orion network management software distribution system and pushed malicious updates to Microsoft and approximately 18,000 other customers.

The hackers then used the updates to compromise nine federal agencies and around 100 private sector companies, the White House said on Wednesday. The federal government said the hackers were likely backed by the Kremlin.

In a Thursday morning post, Microsoft said it had completed its investigation into the hacking of its network.

“Our analysis shows that the first viewing of a file in a source repository took place in late November and ended when we secured the affected accounts,” said Thursday’s report. “We continued to see unsuccessful access attempts by the actor until early January 2021, when the attempts stopped.”

The vast majority of the source code was never viewed, and for the repositories that were accessed, only “a few” individual files were viewed as a result of a search of the repository, the company said. There was no instance in which all repositories for a given product or service were accessed, the company added.

For a “small” number of repositories, there was additional access, including downloading the source code. The repositories concerned contained the source code for:

  • a small subset of Azure components (service, security, identity subsets)
  • a small subset of Intune components
  • a small subset of Exchange components

Thursday’s report went on to say that, based on the research the hackers did on the repositories, their intention appeared to be to uncover “secrets” included in the source code.

“Our development policy prohibits secrets in code and we use automated tools to verify compliance,” company officials wrote. “Due to the activity detected, we immediately initiated a verification process for the current and historical branches of the repositories. We confirmed the repositories were compliant and did not contain any live production credentials.”
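The check Microsoft describes, scanning both the current and the historical state of a repository for committed secrets, looks roughly like the following. This is an added illustration, not Microsoft’s tooling; the patterns, the entropy threshold and the sample commit history are all constructed for the example.

```python
"""Added example: a minimal secrets-in-code check over current and historical
commits. A credential removed from the latest revision can still sit in an
older one, which is why history is scanned, not just the branch tip."""
import math
import re
from collections import Counter

# Illustrative patterns only; real scanners carry far larger rulesets (assumption).
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "assignment": re.compile(
        r"(?i)\b(password|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}
ENTROPY_FLOOR = 3.0  # bits per character below which a value is treated as a placeholder


def shannon_entropy(s: str) -> float:
    counts, n = Counter(s), len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_blob(path: str, text: str):
    """Return (path, pattern_name) for every match in one file's contents."""
    findings = []
    for name, pat in SECRET_PATTERNS.items():
        for m in pat.finditer(text):
            value = m.group(m.lastindex or 0)
            # Low-entropy assignments such as "changeme1" are placeholders, not live secrets.
            if name == "assignment" and shannon_entropy(value) < ENTROPY_FLOOR:
                continue
            findings.append((path, name))
    return findings


def scan_history(commits):
    """commits: list of (commit_id, {path: content}) oldest first.
    Returns (commit_id, path, pattern_name) for every hit in every revision."""
    return [(cid, path, name)
            for cid, tree in commits
            for path, text in tree.items()
            for _, name in scan_blob(path, text)]


# Constructed sample history: a key is committed in c1 and replaced in c2,
# so a scan of the tip alone would report a clean repository.
SAMPLE_HISTORY = [
    ("c1", {"config.py": 'API_KEY = "AKIAIOSFODNN7EXAMPLE"\n'}),
    ("c2", {"config.py": 'API_KEY = os.environ["API_KEY"]\n',
            "settings.yaml": 'password: "changeme1"\n'}),
]

if __name__ == "__main__":
    for hit in scan_history(SAMPLE_HISTORY):
        print("commit %s: %s matches %s" % hit)
```

The AWS key in the sample is the public placeholder value from AWS documentation, so nothing live is embedded.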

The hacking campaign began no later than October 2019, when the attackers first tested their ability to use the SolarWinds software build system. The campaign was not discovered until December 13, when security firm FireEye, itself a victim, first exposed the SolarWinds compromise and the resulting software supply chain attack on its customers. Other organizations affected included Malwarebytes, Mimecast, and the US Departments of Energy, Commerce, Treasury and Homeland Security.
