Microsoft source code breached in SolarWinds hack


By Dylan Bushell-Embling
Monday, 11 January, 2021


Microsoft has joined the US government in disclosing it has fallen victim to an attack involving a compromise of SolarWinds’ Orion network monitoring platform, with the attackers able to gain access to Microsoft source code.

The company revealed that a likely compromised internal account had been used to view source code in a number of its source code repositories following the attack.

The account did not have permissions to modify any code or engineering systems, and while other accounts also displayed unusual activity, they have now been investigated and remediated.

Microsoft has also insisted that it takes an “inner source” approach to making source code viewable within Microsoft, so its threat models assume that attackers have knowledge of the company’s source code. This means viewing the code isn’t tied to elevation of risk, the company said.

While the investigation is ongoing, Microsoft also insisted it has found no evidence of access to production services or customer data, and no indication that its systems have been used to attack others.

But the SolarWinds Orion breach nevertheless represents clear signs of “the continuing rise in the determination and sophistication of nation-state attacks”, Microsoft President Brad Smith said in a statement.

“The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the US Government and the tech tools used by firms to protect them,” he said.

“There are broader ramifications as well, which are even more disconcerting. First, while governments have spied on each other for centuries, the recent attackers used a technique that has put at risk the technology supply chain for the broader economy.”

Heatmap of where the compromised software is installed.

Australia could be vulnerable

Meanwhile, a heatmap published by Microsoft shows that there were multiple installs of the compromised software in Australia. The heatmap is based on telemetry from Microsoft Defender and identifies customers who use Defender and who installed versions of SolarWinds’ Orion software containing the attackers’ malware.

Smith said Microsoft has identified and notified more than 40 customers that the attackers targeted with more precise follow-up attacks. While none of these were from Australia, there have been victims in seven countries outside of the US to date — Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE.

Smith added that it is “certain” that the number and location of victims will keep growing, suggesting that Australian government or private sector users of the SolarWinds software could still be vulnerable.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd