SolarWinds hackers gained access to Microsoft’s source code, the company says

The hacking group behind the SolarWinds compromise was able to break into Microsoft and gain access to some of its source code, Microsoft said Thursday, something experts said sent a worrying signal about the spies’ ambitions.

Source code – the basic set of instructions that run a piece of software or operating system – is usually one of a technology company’s most closely guarded secrets, and Microsoft has historically been particularly careful about protecting it.

It is not clear how many or what parts of the Microsoft source code repositories the hackers were able to access, but the revelation shows that the hackers who used the software company SolarWinds as a springboard to break into sensitive U.S. government networks were also interested in discovering the internal workings of Microsoft products.

Microsoft had already announced that it, like other companies, had discovered malicious versions of SolarWinds software within its network, but the source code disclosure – made in a blog post – is new. After Reuters reported a breach two weeks ago, Microsoft said it had “found no evidence of access to product services.”

Three people who were briefed on the case said that Microsoft had known for days that the source code had been accessed. A Microsoft spokesman said security staff had been working “around the clock” and “when actionable information is to be shared, it is published and shared.”

The SolarWinds hack is among the most advanced cyber operations ever disclosed, compromising at least half a dozen federal agencies and possibly thousands of other companies and institutions. U.S. analysts and the private sector have spent the holidays combing through logs to try to understand whether their data has been stolen or altered.

Changing source code – which Microsoft said the hackers did not do – could have potentially catastrophic effects given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even reviewing the code could give hackers an insight that could help them subvert Microsoft products or services.

“The source code is the architectural plan of how the software is built,” said Andrew Fife of Cycode, an Israel-based source code protection company.

“If you have a blueprint, it’s much easier to innovate attacks.”

Matt Tait, an independent cybersecurity researcher, agreed that the source code could be used as a roadmap to help subvert Microsoft products, but also warned that elements of the company’s source code are already widely shared – for example with foreign governments. He said it was doubtful that Microsoft had made the common mistake of leaving cryptographic keys or passwords in the code.

“It’s not going to affect the security of the customers, at least not significantly,” Tait said.

Microsoft noted that it allows wide access to its code, and former employees agreed that it is more open than other companies.

In its blog post, Microsoft said it found no evidence of access “to production services or messenger data.”

“The ongoing investigation found no evidence that our systems have been used to attack others,” it said.

Reuters reported a week ago that Microsoft-authorized resellers were breached and their access to productivity programs inside targets was used in attempts to read email. Microsoft has acknowledged that some vendor access has been misused but has not said how many resellers or customers have been breached.

There has been no response to requests for comment from the FBI, which is investigating the hacking campaign, or from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

U.S. officials have attributed the SolarWinds campaign to Russia, an allegation that the Kremlin denies.

Both Tait and Ronen Slavin, Cycode’s chief technology officer, said a key unanswered question was which source code repositories were accessed. Microsoft has a wide range of products, from widely used Windows to lesser-known software such as the Yammer social networking app and the Sway design app.

Slavin said he was concerned about the possibility that the SolarWinds hackers were poring over Microsoft’s source code as a prelude to a much more ambitious offensive.

“For me the biggest question is, ‘Was this preparing for the next big job?’” he said.
