The hacking group behind the SolarWinds compromise was able to break into Microsoft Corp and gain access to some of its source code, Microsoft said Thursday.
In a blog post, Microsoft said its investigation revealed irregularities with a “small number of internal accounts” and that one of the accounts “had been used to display source code in a number of source code repositories. .
“The disclosure adds to the ever-growing image of the tradeoffs associated with the SolarWinds hack, which used SolarWinds SolarWinds k monitoring software, the Texas-based company’s flagship network, as a springboard to penetrate sensitive US government and US government networks. other technology companies.
Microsoft had previously revealed that, like other companies, it had found malicious versions of SolarWinds software in its network, but the source code disclosure is new.
A company’s source code – the underlying set of instructions that runs a software or operating system – is usually one of its most closely guarded secrets.
It is not known how many or precisely which source code repositories the hackers were able to access. A Microsoft spokesperson declined to give more details on the blog post.
Microsoft said the hacked account did not have the ability to modify Microsoft code. The blog added that it had found no evidence of access to “production services or customer data.”
“The investigation, which is ongoing, has also found no indication that our systems have been used to attack other people,” he said.