Microsoft: hackers were able to get access to the source code of the software

SolarWinds hackers accessed source code, Microsoft says

Microsoft: hackers were able to get access to the source code of the software

Microsoft: hackers were able to get access to the source code of the software &# 160;

Cybersecurity experts&# 160; consider what happened&# 160; by a reconnaissance operation, not an attack&# 160; with a view&# 160; application&# 160; direct damage&# 160;

Microsoft said Thursday that the hackers behind the attack on dozens of government departments and private companies in the United States have penetrated its systems much deeper than previously thought. According to the company, the hackers were able to view some of the code underlying Microsoft’s software, but were unable to make any changes to it.

Download Adobe Flash Player

Embed

share

Microsoft: hackers were able to get access to the source code of the software

Embed

share

The code has been copied to your clipboard.

width

px

height

px

  • Share on Facebook

     

    Microsoft: hackers were able to get access to the source code of the software
  • Share on Twitter

     

The URL has been copied to your clipboard

No media source currently available

0:00

0:02:43

0:00

Source code is the basic set of instructions that run a piece of software or operating system – usually one of the most closely guarded secrets of any technology company..

“The source code is like a Coca-Cola recipe that’s in an Atlanta vault, super secret, so no one can copy it. Since the programs are written by people, and we all have flaws, an error can creep into the program. If attackers gain access to the source code, they will be able to find out what these vulnerabilities are and use them against you, ”said an expert at Florida International University. Alexander Crowter (Alexander Crowther).

It is unclear how much or what parts of the Microsoft source code repositories the hackers were able to get their hands on. The company’s recognition of this fact indicates that the hackers who used SolarWinds software as a springboard to infiltrate closed US government networks were also interested in how Microsoft products worked internally..

“We found SolarWinds malicious applications in our environment, which we isolated and removed. Our investigation has identified attempted actions that go beyond the mere presence of SolarWinds malicious code in our environment. This activity did not compromise the security of our services or any customer data. ” – says the blog of the company. “We encountered unusual activity on a small number of internal accounts, and after checking, we discovered that one of them was being used to view source code across multiple repositories. The account did not have permission to change the code, and our investigation confirmed that no changes were made. “.

Microsoft noted that a foreign country is behind the operation. Alexander Crowther notes: cybercriminals’ actions are intelligence operations, not cyberattacks.

“For actions in cyberspace to be considered an attack, one of four effects must be achieved: something is broken, something is destroyed, there are people killed or injured. Killing someone with a cyber operation is difficult. So what we saw was a reconnaissance operation, “the expert notes..

According to him, information operations are more often carried out in cyberspace, the purpose of which is to form a certain opinion, as well as financial cybercrimes – extortion of money, penetration of banks.

Alexander Crowter agrees with the opinion of Microsoft experts that the state is behind the operation, not a group of independent hackers.

“In order to have a good cyber system, you must have the resources. For example, the Netherlands is a pretty serious player in cyberspace, although many in the world would never think so. They have human resources, businesses, universities and people working together. This is why, usually, complex cyber threats come from states – only they can generate these resources. Countries have university systems, but the Islamic State, for example, does not. They depend on the talent they can attract, but they will never become a serious ongoing threat across Russia and China. “.

Hacking SolarWinds is one of the most ambitious cyber operations ever conducted. A number of federal structures and, possibly, thousands of private companies and other organizations have suffered from it. US officials blame Russia for SolarWinds hacking campaign, Kremlin denies.

“What you won’t see from the US is a detailed explanation of why Russia is believed to be behind the operation. The FBI will most likely say, “you know, it was the Russians.” They are trying to determine who exactly is behind this. When the US says that Russia or China is behind this or that operation, they answer: “Prove it. Please provide proof. ” What they really want to know is how we caught them and what needs to be done to prevent this mistake from happening again. That is why the United States does not provide evidence, ”the expert emphasizes..

The key question that remains unanswered is which source code repositories were accessed. Microsoft has a huge list of products, from widely used Windows to lesser-known software such as the Yammer social media app and the Sway design app..

  • Alexander Yanevsky

    Journalist. Graduated Taras Shevchenko National University of Kyiv. Worked on the channel «1 + 1» and «Channel 5». On «Voice of America» since 2014. Was one of two correspondents «Voices of America», covering the Russian presidential elections in 2018 from Moscow. He pays attention to the topic of US-Ukrainian and US-Russian relations. Actively covered the case of Paul Manafort and Maria Butina.

    [email protected]

    Like

    I will follow

    Subscription

Similar articles