The hackers behind the SolarWinds compromise were able to break into Microsoft Corp’s internal network. Gaining access to internal accounts, they were also able to access some Microsoft source code repositories.
It is not clear how much or what parts of Microsoft’s source code repositories the hackers were able to access. According to Microsoft, the hackers didn’t make any changes to the repositories. Nor were any production systems or customer data breached.
The hackers had used SolarWinds Orion software as a way of breaking into sensitive U.S. government networks. Furthermore, the hacks were used to access networks of thousands of software companies. Microsoft being one of them.
Had the source code been modified, the consequences could have potentially been disastrous. Primarily due to the widespread use of Windows OS and Office suite.
According to Microsoft merely accessing the source code isn’t a big deal. The company internally uses an inner source approach making the source code viewable to anyone within Microsoft. Based on this, their security practices assume that attackers already have knowledge of the code. Thus the attack did not increase the risk to their systems and customers.
This new bite was adapted from an article originally written for Reuters.
Interested in learning about software development? Whether you just want to pick up a few new skills or launch a new career, Lantern Institute provides various programs to help you get started.