Microsoft: SolarWinds hackers had access to our source code – Computer – News

Hackers who recently managed to break into large companies and government agencies via SolarWinds software have also seen the source code of Microsoft products. The company says the attackers were unable to adjust those.

In the hack on Microsoft, the hackers did manage to steal information, the company writes in a blog post. Microsoft was one of the companies affected by the supply chain attack on SolarWinds in December. In that attack, a group of hackers from presumably Russia managed to break into various US ministries, government agencies and companies. This was done by infecting an update to network monitoring software Orion. Microsoft said then that the hackers had also penetrated that company’s systems, but no information was stolen.

Now Microsoft says after more research that the hackers did have access to certain data. This includes the source code of some products, although the company does not say which software is involved. The hackers would have taken over several internal accounts, one of which has looked up the source codes. According to Microsoft, that account had no permissions to modify code. Microsoft does not write whether that code has also been exported.

Microsoft says it uses an innersource approach to writing code. As a result, according to the company, all employees can view all code. “Within us threat model We assume that hackers can access our source code, “the company writes. Microsoft says customer data has not been stolen and that no SAML tokens have been stolen, as some other SolarWinds victims have done.

–