Microsoft hacked in Russia-linked SolarWinds cyber attack

The Russia-linked hackers behind a widespread intrusion into US corporate and government systems were able to gain access to internal systems at Microsoft Corp. and see internal source code, which is used to build software products, the company said Thursday.

Microsoft earlier confirmed that it had downloaded malicious software from a vendor called SolarWinds Corp., which had been modified by the hackers. Thursday’s announcement is the first indication that the hackers were able to gain access to internal systems at Microsoft.

“We detected unusual activity with a small number of internal accounts and during the investigation we discovered that one account was used to view source code in a number of source code repositories,” Microsoft said in a statement.

The company said that this affected account could see Microsoft’s source code but could not make any changes.

Microsoft’s revelation raises the specter that the hackers may have targeted, and then endangered, other technology companies, said Sherri Davidoff, chief executive of security advisory firm LMG Security LLC. “That’s why these hackers are going after these companies,” she said. “They do not want access to just one company. They want access to everything.”

A Microsoft spokesman declined to say which products or internal systems were affected by the intrusion.

The company said it found “no evidence of access to production services or customer data” and “no indications that our systems were used to attack others.”

The SolarWinds attack dates back to at least October of 2019 and has resulted in a spate of cyber investigations in government and private industry. Through a backdoor the attackers installed in SolarWinds’ Orion networking software, the hackers found their way into systems at the Department of Homeland Security, the State Department, the Treasury and Commerce departments, and others.

US government and cyber security officials linked the attack to Russia. The Kremlin denied involvement in the hacks.

A Wall Street Journal analysis of internet records identified infected computers at two dozen organizations that installed SolarWinds’ contaminated network monitoring software. Among them: the technology giant Cisco Systems Inc., chip makers Intel Corp. and Nvidia Corp., and the accounting firm Deloitte LLP.


The hackers also compromised at least one vendor of Microsoft’s cloud-based computing services and tried to use it as a means of accessing email belonging to cybersecurity vendor CrowdStrike Inc. The attempt was unsuccessful, CrowdStrike said last week. Microsoft is the second largest cloud computing company in the world after Amazon.com Inc.

The SolarWinds attack went undetected for months and was discovered by FireEye Inc., a cyber security business, when the hackers set off an alarm. FireEye put more than a hundred cyber investigators on the hacking of its systems before finally identifying SolarWinds software as the source of the compromise.

U.S. government and corporate investigators are still trying to determine what information the hackers could gather in what cyber security officials have characterized as one of the biggest intrusions on U.S. networks in years.

Software development technologies have long been considered a sensitive target in cyber attacks. Source code management systems, such as the ones the hackers accessed at Microsoft, are used by software developers to build their products. Gaining access to them could give hackers insight into new ways to attack these products, security experts say.

“If you own the source code, it can reduce the amount of time and analysis needed to identify vulnerabilities, but attackers can still identify vulnerabilities without source code,” said Window Snyder, former security chief of Square Inc. “It’s another tool in the toolbox.”

In the case of SolarWinds, the attackers could do more than just see source code. They compromised the system SolarWinds uses to compile its finished software products and were able to insert malicious code into SolarWinds’ own software updates, which were sent to approximately 18,000 customers, including Microsoft and FireEye.

Write to Robert McMillan at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.