Bengaluru, NFAPost: Ringing alarm bell, Microsoft said on Thursday in a blog post that hackers tied to a massive intrusion of dozens of US government agencies and private companies sneaked further into its systems to access some of its source code.
Source code – the underlying set of instructions that run a piece of software or operating system – is typically among a technology company’s most closely guarded secrets and Microsoft has historically been particularly careful about protecting it.
Even though the company admitted that they were able to view some of the source code, Microsoft stated that the hackers were not able to change it. The tech giant also risk associated with the additional intrusion, noting that its software development relies on code sharing within the company, a practice called “inner source.”
The company said the hackers were able to view some of the code underlying Microsoft software, but weren’t able to make any changes to it. But the company stated that software development relies on code sharing within the company and the it is called ‘inner source’.
In a blog post, the company said its investigation had turned up irregularities with a “small number of internal accounts” and that one of the accounts “had been used to view source code in a number of source code repositories.”
Microsoft said the account did not have the ability to monitor any Microsoft code. The blog post further added it has found no evidence of access to production services or customer data. “The investigation, which is ongoing, has also found no indications that our systems were used to attack others,” it said.
The company said it found no evidence of hacker access to customer data and no indication that its systems were used to attack others. The hack began as early as March when malicious code was snuck into updates to SolarWinds software that monitors computer networks. Microsoft helped respond to the breach with cybersecurity firm FireEye, which discovered the hack when the security firm itself was targeted.
Microsoft had already disclosed that like other firms it found malicious versions of SolarWinds’ software inside its network, but the source code disclosure – made in a blog post – is new.
The SolarWinds hack is among the most ambitious cyber operations ever disclosed, compromising at least half-a-dozen federal agencies and potentially thousands of companies and other institutions. U.S. and private-sector investigators have spent the holidays combing through logs to try to understand whether their data has been stolen or modified.
According to a Seattle Times report, cybersecurity experts and US officials suspect Russia was behind the hack. Microsoft said earlier this month that it identified more than 40 government agencies, think tanks, non-governmental organisations and IT companies infiltrated by the hackers. Russia has denied that it is to blame.