Microsoft was hacked in the SolarWinds cyber attack linked to Russia

Russia-linked hackers behind a widespread cyber intrusion into US corporate and government systems were able to access Microsoft’s internal systems and view the internal source code used to build software products, the company said Thursday.

Microsoft has previously confirmed that it downloaded malicious software from a vendor called SolarWinds, which had been modified by hackers. Thursday’s revelation is the first indication that hackers were able to access Microsoft’s internal systems.

“We detected unusual activity with a small number of internal accounts, and after reviewing, we found that an account was used to view the source code in a number of source code repositories,” Microsoft said in a statement.

This compromised account was able to view Microsoft’s source code, but made no changes, the company said.

Microsoft’s disclosure raises the specter that hackers could have targeted and compromised other technology companies, said Sherri Davidoff, executive director of security consulting firm LMG Security LLC. “That’s why these hackers are targeting these companies,” she said. “They do not want access to a single company. They want access to anything.”

A Microsoft spokesman declined to say which products or internal systems were affected by the intrusion.

Microsoft “found no evidence of access to production services or customer data” and “did not indicate that our systems were used to attack others,” the company said.

The SolarWinds attack dates back at least to October 2019 and has led to a series of cyber investigations by the government and private industry. Through a back door that the attackers installed in SolarWinds’ Orion network software, hackers found their way into systems belonging to the Department of Homeland Security, the State Department, the Treasury and Commerce departments and others.

The US government and cybersecurity officials have linked the attack to Russia. The Kremlin has denied involvement in the hacks.

A Wall Street Journal analysis of Internet records identified infected computers at two dozen organizations that installed SolarWinds’ contaminated network monitoring software. Among them: technology giant Cisco Systems Inc., chip manufacturers Intel and Nvidia, and accounting firm Deloitte LLP.

The hackers also compromised at least one reseller of Microsoft cloud-based computing services and tried to use it as a way to gain access to emails from cybersecurity provider CrowdStrike Inc. This attempt was unsuccessful, CrowdStrike said last week. Microsoft is the second largest cloud computing company in the world after Amazon.com Inc.

The SolarWinds attack went undetected for months and was discovered by FireEye Inc., a cybersecurity company, when the hackers set off an alarm. FireEye put more than 100 cyber investigators to work on the hack of its systems before settling on the SolarWinds software as the source of the compromise.

The US government and corporate investigators are still trying to assess what information hackers have been able to gather in what cybersecurity officials have described as one of the biggest breaches of US networks in recent years.

Software development technologies have long been considered a sensitive target in cyber attacks. Source code management systems, such as those accessed by the hackers at Microsoft, are used by software developers to build their products. Gaining access to them could give hackers insight into new ways to attack these products, security experts say.

“Owning source code could reduce the time and analysis to identify vulnerabilities, but attackers are still able to identify vulnerabilities without source code,” said Window Snyder, a former chief security officer at Square Inc. “It’s another tool in the toolbox.”

In the case of SolarWinds, the attackers were able to do more than simply view the source code. They compromised the system used by SolarWinds to assemble its finished software products and managed to introduce malicious code into SolarWinds’ own software updates, which were delivered to approximately 18,000 customers, including Microsoft and FireEye.

Write to Robert McMillan at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.