Min menu


Hackers saw Microsoft source code


Microsoft said the hacking group behind the massive cyberattack against SolarWinds managed to break into Microsoft's systems and access some source code owned by the software giant, something experts said sends a disturbing signal about the ambition of spies.

Source code — the basic set of instructions that operates part of the software or operating system — is usually among the most protected technology company secrets, and Microsoft has historically been particularly keen to protect it.

It is not clear how much or what parts of Microsoft's source code enable hackers to access, but the revelation suggests that hackers who used SolarWinds as a starting point to break into sensitive U.S. government networks also had an interest in discovering the internal business of Microsoft products as well.

Microsoft revealed that it, like other companies, found harmful versions of SolarWinds within its network, but the disclosure of the source code was new and came in an update from its security response center.

The Security Response Center said: Hackers were able to display source code in a number of source code repositories, but the hacked account that granted this access did not have permission to modify any code or systems.

After Reuters reported that it had been hacked two weeks ago, Microsoft said it had found no evidence of access to production services or customer data.

It seems that the software giant has been aware for days that source code has been accessed, whose modification brings many serious consequences, given the ubion of Microsoft products, which include the Opus production group and windows operating system.

Experts said that the mere ability to review that code could provide hackers with insight that could help them sabotage Microsoft's products or services.

Source code can be used as a road map to help penetrate Microsoft products, but with reference to the company, elements of that code have been widely shared with foreign governments. 

Microsoft is unlikely to make the common mistake of leaving encryption keys or passwords in the code, which means that what happened will not significantly affect the security of its customers.

Microsoft noted that it allows extensive internal access to its code, and former employees agreed that it was more open than other companies.

Microsoft owns a wide range of products, from widely used Windows to lesser-known software, such as the Yammer social networking application and the Sway design application.

While Microsoft refers to a representative of a highly developed nation state as the culprit, the U.S. government and cybersecurity officials have mentioned Russia as the architect of the all-out attack against SolarWinds, which revealed a vast list of sensitive organizations.