Microsoft

The threat actors behind the SolarWinds attack could breach internal Microsoft accounts to view the source code for Microsoft products.

Earlier this month, Microsoft confirmed that they detected malicious executables in their environment that were downloaded during the SolarWinds Orion platform supply chain attack.

SolarWinds supply chain cyberattack
SolarWinds supply chain cyberattack

In a blog post published today, Microsoft stated that they found no evidence that production services or customer data were breached, that forged SAML tokens were used against their domains, or that their systems were used to attack customers.

However, their investigations discovered that the attackers could compromise internal Microsoft accounts, with one being used to view the source code for their software. The attackers, though, did not have the required permissions to modify any source code or engineering systems.

"We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated," Microsoft stated in a blog post.

Microsoft further stated that they do not practice security through obscurity and do not consider the viewing of source code as a security risk.

Related Articles:

Windows 11 KB5036980 update goes live with Start Menu ads

US govt sanctions Iranians linked to government cyberattacks

GitHub comments abused to push malware via Microsoft repo URLs

United Nations agency investigates ransomware attack, data theft

Save $230 off Microsoft Visio Professional 2021 in this flash sale