None of Microsoft’s (MSFT) services or client data are replied to by unauthorized access, the company said in a blog post. However, an investigation revealed that the attackers took advantage of access to company code from Microsoft systems.
Microsoft said that they had found unusual activities with a small number of internal accounts, and when they checked, they had found that a single account had been used to view source code in several source code repositories. The account was not authorized to modify any code or engineering systems. Their investigation confirmed further that no changes had been made to these accounts.
The document highlights the wide range of attackers, who have been described by investigators as highly sophisticated. It also indicates that corporate espionage could be as much a reason as a hunt for secrets of government.
The source code is the basic computer program building blocks. They are the instructions written by programmers making up a program or application.
Using the IT management software SolarWinds Orion, Microsoft had previously acknowledged that the attackers were offering thousands of private and public organizations potential windows. But this is the first time that Microsoft has confirmed the vulnerability of attackers to the giant technology.
The attackers likely sought potential security vulnerabilities in Microsoft products they could exploit to get people’s access to such products, accordingly Mike Chapple, a former official of the national security agency and a Professor of Information Technology at Notre Dame University. Chapple said that cybersecurity professionals should be concerned that this data falling into the wrong hands possibly develop the next SolarWinds weakness in the Microsoft product.
Microsoft said their security practices start with the prevention that hackers have access to the source code of the company and therefore protect the services.
The company claimed that they did not rely on the confidentiality of the source code for product security, and their threat models assumed that the attackers had knowledge of the source code. So viewing the source code is not linked to an increase in risk.