Microsoft source code breached in SolarWinds hack

By Dylan Bushell-Embling
Monday, 11 January, 2021

Microsoft has joined the US government in disclosing it has fallen victim to an attack involving a compromise of SolarWinds’ Orion network monitoring platform, with the attackers able to gain access to Microsoft source code.

The company revealed that a likely compromised internal account had been used to view source code in a number of its source code repositories following the attack.

The account did not have permissions to modify any code or engineering systems, and while other accounts also displayed unusual activity, they have now been investigated and remediated.

Microsoft has also insisted that it takes an “inner source” approach to making source code viewable within Microsoft, so its threat models assume that attackers have knowledge of the company’s source code. This means viewing the code isn’t tied to elevation of risk, the company said.

While the investigation is ongoing, Microsoft also insisted it has found no evidence of access to production services or customer data, and no indication that its systems have been used to attack others.

But the SolarWinds Orion breach nevertheless represents clear signs of “the continuing rise in the determination and sophistication of nation-state attacks”, Microsoft President Brad Smith said in a statement.

“The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the US Government and the tech tools used by firms to protect them,” he said.

“There are broader ramifications as well, which are even more disconcerting. First, while governments have spied on each other for centuries, the recent attackers used a technique that has put at risk the technology supply chain for the broader economy.”

Heatmap of where the compromised software is installed.

Australia could be vulnerable

Meanwhile, a heatmap published by Microsoft shows that there were multiple installs of the compromised software in Australia. The heatmap is based on telemetry from Microsoft Defender and identifies customers who use Defender and who installed versions of SolarWinds’ Orion software containing the attackers’ malware.

Smith said Microsoft has identified and notified more than 40 customers that the attackers targeted with more precise follow-up attacks. While none of these were from Australia, there have been victims in seven countries outside of the US to date — Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE.

Smith added that it is “certain” that the number and location of victims will keep growing, suggesting that Australian government or private sector users of the SolarWinds software could still be vulnerable.
