- Microsoft has revealed that SolarWinds hackers have been able to breach its security and have access to sensitive source code, although they have not been able to make changes to it.
- The company said hackers did not have access to production services or customer data and that the company’s systems were not used to attack other targets.
- Some security experts believe that even a look at the data in the source code could provide information that could help future attacks.
One of the worst things that happened last year was the massive SolarWinds hack in mid-December, which affected government agencies and Fortune 500 companies. Hackers are always trying such attacks, but the SolarWinds attack is more dangerous. , because it is believed to come from Russia. The Kremlin may deny the operation, but experts have already pointed the finger at Russia since the early days of the investigation. More than two weeks after the hacks, Microsoft revealed that the attackers were able to access critical software, source code from one or more undisclosed products.
Microsoft explained in a blog post that hackers could not change the source code. But even just a glance at a source code from a company like Microsoft could be enough for hackers to develop new attacks that compromise other Microsoft products.
The best deals today 
The best-selling respirators are on sale for just $ 2.12 each thanks to this Amazon coupon Price list:$ 49.99 Price:$ 42.49 You save:USD 7.50 (15%) 
Available from Amazon, BGR may receive a commission Available from Amazon BGR may receive a commission
If a nation-state has launched the SolarWinds attack, then access to the source code is even more important. Microsoft did not explain in its blog post what type of source code was seen, so it is not clear what type of software could be affected. Let’s not forget that Microsoft produces a lot of software other than Windows. The company produces tons of software, which explains why hackers would follow its secrets. The list includes the popular Office suite, as well as a variety of applications and cloud solutions. Many companies and government agencies rely on Microsoft software, and source code information could provide attackers with new ways to circumvent security solutions and penetrate targets in future attacks.
Microsoft released its new findings on December 31, however Reuters reports that three people informed about the problem said that the software giant had known for days that its source code had been breached during the attack.
“The source code is the architectural blueprint for how the software is built,” Andrew Fife of Cycode told the news organization. Cycode is an Israeli company that develops source code solutions. “If you have the plan, it’s much easier to create attacks.” Cycode’s technology director Ronen Slavin wondered what kind of source code was accessed. “For me, the biggest question is, ‘Was this gratitude for the next big operation?’ Slavin asked.
This is how Microsoft described unauthorized access to the source code:
We detected unusual activity with a small number of internal accounts, and when we examined it, we found that an account was used to view the source code in a number of source code repositories. The account did not have permissions to modify any engineering code or systems, and our investigation further confirmed that no changes were made. These accounts have been investigated and remedied.
The company also explained that its investigation did not find “any evidence of access to production services or customer data. The investigation, which is ongoing, also found no indication that our systems were used to attack others. “The FBI is also investigating the SolarWinds attacks.
Microsoft did not name Russia in the post, but said it believed it was fighting “a very sophisticated national state actor.”
The company also says it uses a “breach” philosophy in its security practices. This is an assumption that the attackers will violate his security. The company also explained that it uses open-source principles within the company to make the source code visible within Microsoft. “This means that we do not rely on the secret of the source code for product security, and our threat models assume that attackers have knowledge of the source code,” the company wrote. “Therefore, viewing the source code is not related to increasing the risk.”
Microsoft’s blog post is meant to reassure governments and customers, but the fact remains that hackers may be in possession of the kind of secrets they shouldn’t have access to. Time will tell if gaining access to Microsoft’s source code will allow the same team of attackers to create even more sophisticated hacks.
Chris Smith began writing about gadgets as a hobby, and before he knew it, he was sharing his views on technical stuff with readers around the world. Whenever he doesn’t write about gadgets, he can’t stay away from them, even though he tries desperately. But that’s not necessarily a bad thing.