Microsoft on Thursday reported that its source code had been viewed, but not altered, by hackers involved in the massive cyber-espionage incident that affected thousands of companies and much of the federal government.
As Microsoft continues to investigate the massive SolarWinds attack, the company says it has discovered that its systems were infiltrated “beyond just the presence of malicious SolarWinds code.” In an update from its Security Response Center, Microsoft says that hackers were able to “view source code in several source code repositories,” but that the hacked account granting such access didn’t have permission to modify any code or systems.
“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft’s Security Response Center wrote in a blog post on Thursday. “The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”
Fortunately, Microsoft says that while hackers went deeper than previously known, it found “no evidence of access to production services or customer data,” and “no indications that our systems were used to attack others.” Additionally, the company says that it regularly assumes adversaries can view its source code, and does not rely on the secrecy of source code to keep its products secure. Microsoft did not disclose how much code was viewed or what the exposed code is used for.
Earlier this month, Microsoft President Brad Smith said the attack was a “moment of reckoning” and warned about its danger. “This is not ‘espionage as usual,’ Smith said. “In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency.”