- Microsoft revealed that SolarWinds hackers were able to breach their security and access sensitive source code, although they were unable to make any changes to it.
- The company said hackers did not access production services or customer data and the company’s systems were not used to attack other targets.
- Some security experts think that even a look at the source code data can provide information that could help in future attacks.
One of the worst things that happened last year was the massive SolarWinds hacking since mid-December that affected government agencies and Fortune 500 companies. Hackers try attacks like this all the time, but the SolarWinds attack is more dangerous because it is believed to have originated in Russia. The Kremlin could deny the operation, but experts have already pointed to Russia from the early days of the investigation. More than two weeks after the hackers, Microsoft revealed that attackers were able to access critical software, the source code of one or more undisclosed products.
Microsoft explained in a blog post that hackers could not modify the source code. But even a simple look at the source code of a company like Microsoft may be enough for hackers to develop new attacks that compromise other Microsoft products.
Today’s offer 
The best-selling respirators are on sale for just $ 2.12 each thanks to this Amazon coupon List price:$ 49.99 Price:$ 42.49 Save:$ 7.50 (15%) 
Available on Amazon, BGR may receive a commission Available on Amazon BGR may receive a commission
If a nationwide state launched the SolarWinds attack, access to the source code is even more important. Microsoft did not explain in its blog post what type of source code was viewed, so it is unclear what type of software might be affected. Let’s not forget that Microsoft makes a lot of software that isn’t just Windows. The company produces a lot of software, which explains why hackers would go looking for their secrets. The list includes the popular Office suite, as well as a variety of applications and solutions in the cloud. Many companies and government agencies rely on Microsoft software, and source code data could offer attackers new ways to evade security solutions and penetrate targets in future attacks.
Microsoft released its new findings on December 31, however Reuters reports that three people informed about the matter said that the software giant had already known for days that its source code had been breached during the attack.
“Source code is the architectural blueprint for how software is built,” Andrew Fife of Cycode told the news organization. Cycode is an Israeli-based company that develops source code solutions. “If you have the plan, it’s much easier to create attacks.” Cycode chief technology officer Ronen Slavin wondered what kind of source code was accessed. “For me, the biggest question is,‘ Was this reconstruction for the next big operation? ’” Slavin asked.
This describes Microsoft’s unauthorized access to the source code:
We detected unusual activity with a small number of internal accounts, and when we reviewed it, we found that an account had been used to display the source code in various source code repositories. The account did not have permissions to modify any code or engineering system, and our investigation confirmed that no changes were made. These accounts were investigated and amended.
The company also explained that its research has not found “evidence of access to production services or customer data. The investigation, which is ongoing, has also found no evidence to indicate that our systems were used. to attack other people. ”The FBI is also investigating SolarWinds’ attacks.
Microsoft did not name Russia on the spot, but made it clear it believes it is fighting “a very sophisticated nation-state actor.”
The company also says it uses a philosophy of “assuming non-compliance” in its security practices. This means that the attackers will breach their security. The company also explained that it uses open source principles within the company to make the source code visible to Microsoft. “This means we don’t rely on source code secrecy for product security, and our threat models assume that attackers are aware of the source code,” the company wrote. “Therefore, source code display is not related to risk elevation.”
Microsoft’s blog entry is meant to reassure governments and customers, but it’s still the fact that hackers could have the kind of secrets they shouldn’t have access to. Time will tell if gaining access to Microsoft’s source code will allow the same team of attackers to create even more sophisticated hackers.
Chris Smith began writing about gadgets as a hobby, and before he knew it, he was sharing his views on technology issues with readers around the world. Whenever he doesn’t write about gadgets, he can’t get away from them, even though he tries desperately. But this is not necessarily a bad thing.