Microsoft: SolarWinds Attackers Viewed Our Source Code
Microsoft has revealed that the nation state group behind a recent global cyber-espionage campaign managed to view some of the firm’s source code.
The tech giant has provided several updates in the wake of the discovery of the campaign, which appears to have targeted mainly US government agencies and tech firms and has been linked to Russia.
In the spirit of cross-industry collaboration, its latest notice goes into more detail about the attack on its own systems, which was discovered when the firm found evidence of the malicious SolarWinds binaries used to target others.
“Our investigation has revealed attempted activities beyond just the presence of malicious SolarWinds code in our environment,” it explained.
“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”
Microsoft claimed that its use of open source development practices and culture internally means that it does “not rely on the secrecy of source code for the security of products.
“So viewing source code isn’t tied to elevation of risk,” it added.
“As with many companies, we plan our security with an ‘assume breach’ philosophy and layer in defense-in-depth protections and controls to stop attackers sooner when they do gain access.”
New victims of the campaign are emerging all the time.
In late December, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a new alert warning that the same threat actor is using the same vector (SolarWinds Orion) to target not just federal but also state and local governments, as well as critical infrastructure and private sector organizations.