The Russia-linked hackers behind a widespread cyber-intrusion into U.S. government and corporate systems were able to access Microsoft Corp.’s internal systems and see internal source code, used to build software products, the company said Thursday.
Microsoft had previously confirmed that it had downloaded malicious software from a vendor called SolarWinds Corp. that had been modified by hackers. Thursday’s disclosure is the first indication that hackers were able to gain access to Microsoft’s internal systems.
“We detected unusual activity with a small number of internal accounts, and upon reviewing it, we discovered that an account had been used to display the source code in multiple source code repositories,” Microsoft said in a statement.
The compromised account was able to view Microsoft source code but could not make changes, the company said.
Microsoft’s disclosure raises the specter that hackers could have targeted and compromised other technology companies as well, said Sherri Davidoff, executive director of security consultancy LMG Security LLC. “That’s why these hackers are going to look for these companies,” she said. “They do not want to access a single company. They want to access everything.”
A Microsoft spokesman declined to say which internal products or systems were affected by the intrusion.
It “found no evidence of access to production services or customer data” and “there are no indications that our systems were used to attack others,” the company said.
The SolarWinds attack dates back at least to October 2019 and has sparked a wave of cyber investigations within government and private industry. Through a back door that the attackers installed in SolarWinds’ Orion network software, hackers found their way into systems belonging to the Department of Homeland Security, the State Department, the Treasury and Commerce departments and others.
The U.S. government and cybersecurity officials have linked the attack to Russia. The Kremlin has denied involvement in the hack.
An analysis by the Wall Street Journal of internet logs identified infected computers in two dozen organizations that installed SolarWinds’ contaminated network control software. Among them: technology giant Cisco Systems Inc., chip manufacturers Intel Corp. and Nvidia Corp., and the accounting firm Deloitte LLP.
Video caption: An alleged Russian cyberattack on the federal government has breached at least six cabinet-level departments. WSJ’s Gerald F. Seib explains what the hack means for President-elect Joe Biden’s national security efforts. Photo illustration: Laura Kammermann
Hackers also compromised at least one Microsoft cloud-based computer service provider and tried to use it as a way to access the emails of cybersecurity provider CrowdStrike Inc. That attempt was unsuccessful, CrowdStrike said last week. Microsoft is the second largest cloud computing company in the world after Amazon.com Inc.
The SolarWinds attack went undetected for months and was discovered by FireEye Inc., a cybersecurity company, when hackers set off an alarm. FireEye put more than 100 cyber investigators on the task of investigating the hacking of its systems, before identifying the SolarWinds software as the source of the compromise.
U.S. government and business investigators are still trying to assess what information hackers obtained in what cybersecurity officials have characterized as one of the largest breaches of U.S. networks in recent years.
Software development technologies have long been considered a sensitive target in cyberattacks. Software developers use source code management systems, such as those the hackers accessed at Microsoft, to build their products. Getting access to them could give hackers new ways to attack these products, according to security experts.
“Having the source code can reduce the amount of time and analysis to identify vulnerabilities, but attackers are still able to identify vulnerabilities without source code,” said Window Snyder, formerly head of security at Square Inc. “It’s another tool in the toolbox.”
In the case of SolarWinds, attackers were able to do more than just view the source code. They compromised the system SolarWinds used to assemble its finished software products and were able to introduce malicious code into SolarWinds’ own software updates that were sent to about 18,000 customers, including Microsoft and FireEye.
Write to Robert McMillan at [email protected]
Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.