The suspected Russian hackers who carried out cyber attacks on numerous US government agencies earlier this month were also found to have had access to Microsoft’s internal source codes. The tech company reports this in a blog post. However, according to Microsoft, no customer data or services have been stolen.
Microsoft said it was “unusual activity” with a small number of internal accounts. On closer inspection, it was discovered that an account had been used to view a number of places where source codes were stored, Microsoft said. According to Microsoft, the account in question had no rights to change codes or systems. According to Microsoft, no changes have been made either.
In early December, cybersecurity company FireEye announced that hackers had broken into servers and stolen sensitive information about software that performs security tests. The hackers managed to carry out a protracted and massive cyber attack on American government agencies and companies through the software of the provider SolarWinds.
Microsoft previously said it had also received a malicious software update from SolarWinds. The details of the crack are still largely unknown. As a result, it is still not known exactly how many organizations have been victims and what was taken by the hackers. Researchers previously found that at least 200 organizations have been attacked.
Microsoft says the hackers did not use the SolarWinds update to access the internal account, but declined to explain how the attackers gained access.