Microsoft hacked in Russia-linked SolarWinds cyberattack

“We detected unusual activity with a small number of internal accounts and upon examination, we found that an account had been used to view source code in a number of source code repositories,” Microsoft said in a statement. .

This compromised account was able to view Microsoft’s source code, but not make any changes, the company said.

Microsoft’s disclosure raises the specter that hackers may have targeted and then compromised other tech companies, said Sherri Davidoff, managing director of security consultancy LMG Security LLC. “That’s why these hackers are going after these companies,” she said. “They don’t want to have access to just one company. They want to have access to everything. “

A Microsoft spokesperson declined to say which internal products or systems were affected by the intrusion.

The company “found no evidence of access to production services or customer data” and “no indication that our systems were used to attack other people,” the company said.

The SolarWinds attack dates back to at least October 2019 and has sparked a wave of cyber investigations within government and the private sector. Through a backdoor that attackers installed in SolarWinds’ Orion network software, hackers found their way into systems belonging to the Department of Homeland Security, State Department, Treasury and Commerce Departments and other.

The US government and cybersecurity officials linked the attack to Russia. The Kremlin has denied any involvement in the hacks.

A Wall Street Journal scan of Internet records identified infected computers at two dozen organizations that installed SolarWinds’ corrupt network monitoring software. Among them: technology giant Cisco Systems Inc.,

Intel chip makers Corp.

and Nvidia Corp.

and the accounting firm Deloitte LLP.

The hackers also compromised at least one Microsoft cloud computing services reseller and tried to use it to gain access to emails owned by cybersecurity provider CrowdStrike. Inc.

That attempt failed, CrowdStrike said last week. Microsoft is the second largest cloud computing company in the world after Amazon.com Inc.

SolarWinds attack went undetected for months and was discovered by FireEye Inc.,

a cybersecurity company, when hackers triggered an alarm. FireEye put more than 100 cyber detectives in charge of investigating the hijacking of its systems, before focusing on SolarWinds software as the source of the compromise.

U.S. government and corporate investigators are still trying to assess what information hackers may have gleaned from what cybersecurity officials have called one of the biggest breaches on U.S. networks in years.

Software development technologies have long been viewed as a sensitive target in cyber attacks. Source code management systems, such as the one accessed by Microsoft hackers, are used by software developers to create their products. Accessing them could give hackers a glimpse of new ways to attack these products, security experts say.

“Having the source code can reduce the time and analysis it takes to identify vulnerabilities, but attackers are still able to identify vulnerabilities without source code,” said Window Snyder, former chief security officer at Square Inc. “It’s another tool in the toolbox.”

In the case of SolarWinds, attackers were able to do more than just view the source code. They compromised the system SolarWinds uses to assemble its finished software products and were able to insert malicious code into SolarWinds’ own software updates that were shipped to approximately 18,000 customers, including Microsoft and FireEye.

Write to Robert McMillan at [email protected]