Suspected Russian Hackers Behind Massive Breach Accessed Microsoft's Source Code
By RFE/RL January 01, 2021
Suspected Russian government hackers behind a massive intrusion of government and private company networks were able to gain access into Microsoft's source code, a key building block for software or operating systems, the tech giant said on December 31.
Microsoft had previously acknowledged that, like U.S. government agencies and other firms, it had downloaded malicious SolarWinds software updates that provided hackers a backdoor into its networks.
But the revelation in a blog post that the hackers accessed Microsoft's source code is new, raising questions about the spies' intentions. The company did not say what part of the architectural blueprint the hackers accessed.
Downplaying the significance, Microsoft said the hackers gained access to a number of internal accounts but did not have permission to modify any code or engineering systems.
No changes were made before "these accounts were investigated and remediated," the firm said.
"This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what we're learning as we combat what we believe is a very sophisticated nation-state actor," Microsoft said.
The U.S. government and cybersecurity experts are still trying to understand the full scale of the massive breach, which began as early as March when hackers slipped malicious code into updates in SolarWinds software used by the government and thousands of businesses and entities.
Microsoft has helped respond to the hack with cybersecurity firm FireEye, which discovered the breach when the security firm itself was targeted.
Top U.S. officials have blamed Russian intelligence agency hackers for the sophisticated operation, which Moscow has denied.
With reporting by AFP, AP, and Reuters
Copyright (c) 2021. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave., N.W. Washington DC 20036.
|Join the GlobalSecurity.org mailing list|