Microsoft Reveals That Russian Attackers Accessed Some of Its Source Code

  /     /     /  
Publicated : 23/11/2024   Category : security


Microsoft Reveals That Russian Attackers Accessed Some of Its Source Code


Malicious SolarWinds Orion backdoor installed in Microsofts network led to the attackers viewing some of its source code.



Microsoft today disclosed its discovery that the attackers behind the SolarWinds breach and rigged software update had commandeered one of its internal accounts to view — but not alter — some of its source code in a number of source code repositories.
The revelation is the latest twist in a complex breach believed to be perpetrated by Russian hackers on behalf the nations SVR intelligence arm that has infiltrated major US government agencies, including the US State Department and Treasury, as well as major companies such as Microsoft and FireEye, the security giant that
first detected and revealed the breach
. The so-called Dark Halo group (aka UNC2452) infiltrated network management vendor SolarWinds software build system and planted a backdoor called Sunburst into updates of the companys Orion software used by the victims. Some 33,000 organizations worldwide received the software update, and around 18,000 installed it on their systems — including Microsoft.
SolarWinds Orion software wasnt the only initial attack vector, however. The Cybersecurity & Infrastructure Security Agency (CISA) said the attackers
used other methods
as well, which have not yet been publicly disclosed.
Microsoft said that the attackers viewing its source code poses no increase in security risk because its security threat model assumes attackers have some knowledge of the code. One of Microsofts user accounts was used by the attackers to view the companys source code, but the company said that account was not authorized to modify code or engineering systems. Microsoft was able to confirm no changes were made to the code, and the compromised user accounts have been remediated.
Our investigation has, however, revealed attempted activities beyond just the presence of malicious SolarWinds code in our environment. This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what were learning as we combat what we believe is a very sophisticated nation-state actor, Microsoft said
in the blog post today
.
 

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Reveals That Russian Attackers Accessed Some of Its Source Code