Microsoft Confirms Its Source Code Was Accessed In Expansive SolarWinds Hacking Spree
Since beginning its investigation on December 17th, Microsoft has maintained that no customer data or production services were accessed. The company has also reported that its systems were not used to attack other companies. However, in an effort to be transparent, Microsoft is reporting that some internal accounts were used to view source code for several products.
While attackers viewing source code could be concerning in some cases, Microsoft has a decent approach for when something like this happens. First, there are likely not many accounts that can edit source code in order to add backdoors. The accounts the attackers used did not have the necessary permissions to edit the code, thankfully. Microsoft also states that it uses an “inner source” approach to development, where code is viewable within Microsoft. As a result, Microsoft’s threat models assume attackers know the source code. Therefore, “viewing source code isn’t tied to elevation of risk.”
Moreover, Microsoft plans security around “assumed breaches” and has many layers of security waiting for an attacker to trigger them. Some of the security layers were tripped when the SolarWinds attacker tried to gain more privileges, and the attacker was stopped in their tracks. As Microsoft states, this attacker being stopped “re-iterate[s] the value of industry best practices.” It is less a question of if you will be hacked than when.