She said a company Microsoft: The hacking group behind the massive cyber attack against SolarWinds has managed to break into Microsoft’s systems and gain access to some of the software giant’s source code, something the experts said sends a worrying signal about the spies’ ambition.
The source code – the basic set of instructions that occupies part of a program or operating system – is usually among the tech company’s most guarded secrets, and Microsoft has historically been particularly keen to protect it.
It is not clear how much or what bits of Microsoft source code the hackers could access, but the disclosure indicated that hackers who used software company SolarWinds as a springboard to break into sensitive US government networks also had an interest in discovering the inner workings of Microsoft products as well .
Microsoft revealed that it, like other companies, had found malicious versions of SolarWinds within its network, but the disclosure of the source code was new. Update From its Security Response Center.
And he said Security Response Center: The hacker was able to view the source code in a number of source code repositories, but the compromised account granting this access did not have permission to modify any code or systems.
After Reuters reported that it had been hacked two weeks ago, Microsoft said it had not found any evidence of access to production services or customer data.
It seems that the software giant has known for days that the source code has been accessed, and its modification brings many dire consequences, given the ubiquitous spread of Microsoft products, which include the Office productivity group and the Windows operating system.
The experts said: The mere ability to review that code can provide hackers with insight that may help them sabotage Microsoft’s products or services.
The source code can be used as a roadmap to help penetrate Microsoft products, but with reference to the company it has shared elements of that code widely with foreign governments.
Microsoft is unlikely to make the common mistake of leaving encryption keys or passwords in the code, which means that what happened will not affect the security of its customers significantly.
Microsoft noted that it allows for extensive internal access to its code, and former employees agreed that it is more open than other companies.
Microsoft has a wide range of products, from widely used Windows to lesser-known software, such as the Yammer social networking app and Sway design app.
While Microsoft cites a representative of a highly developed nation-state as the culprit, the US government and cybersecurity officials have cited Russia as the architect of the mass attack against SolarWinds, which revealed An extensive list of sensitive organizations.