Microsoft source code breached in SolarWinds hack


By Dylan Bushell-Embling
Monday, 11 January, 2021


Microsoft source code breached in SolarWinds hack

Microsoft has joined the US government in disclosing it has fallen victim to an attack involving a compromise of SolarWinds’ Orion network monitoring platform, with the attackers able to gain access to Microsoft source code.

The company revealed that a likely compromised internal account had been used to view source code in a number of its source code repositories following the attack.

The account did not have permissions to modify any code or engineering systems, and while other accounts also displayed unusual activity, they have now been investigated and remediated.

Microsoft has also insisted that it takes an “inner source” approach to making source code viewable within Microsoft, so its threat models assume that attackers have knowledge of the company’s source code. This means viewing the code isn’t tied to elevation of risk, the company said.

While the investigation is ongoing, Microsoft also insisted it has found no evidence of access to production services or customer data, and no indication that its systems have been used to attack others.

But the SolarWinds Orion breach nevertheless represents clear signs of “the continuing rise in the determination and sophistication of nation-state attacks”, Microsoft President Brad Smith said in a statement.

“The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the US Government and the tech tools used by firms to protect them,” he said.

“There are broader ramifications as well, which are even more disconcerting. First, while governments have spied on each other for centuries, the recent attackers used a technique that has put at risk the technology supply chain for the broader economy.”

Heatmap of countries affected by the Microsoft problem

Heatmap of where the compromised software is installed.

Australia could be vulnerable

Meanwhile, a heatmap published by Microsoft based on telemetry from Microsoft Defender, identifying customers who use Defender and who installed versions of SolarWinds’ Orion software containing the attackers’ malware, shows that there were multiple installs of the compromised software in Australia.

Smith said Microsoft has identified and notified more than 40 customers that the attackers targeted with more precise follow-up attacks. While none of these were from Australia, there have been victims in seven countries outside of the US to date — Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE.

Smith added that it is “certain” that the number and location of victims will keep going, suggesting that Australian government or private sector users of the SolarWinds software could still be vulnerable.

Image credit: ©stock.adobe.com/au/ArtemSam

Related Articles

Data breaches fall 16% in first half of 2021

Organisations reported 446 data breaches to the Office of the Australian Information Commissioner...

Companies urged to consider pros and cons of paying a ransom

The conversation is heating up globally about whether companies should pay in a ransomware attack.

Authentication best practices to achieve Zero Trust

Zero Trust, a strategic initiative designed to stop data breaches, has come of age in the last 12...


  • All content Copyright © 2021 Westwick-Farrow Pty Ltd