“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft said. “The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”
The disclosure highlights the broad reach of the attackers, whom investigators have described as extremely sophisticated and well-resourced. And it suggests that corporate espionage may have been as much a motive as a hunt for government secrets.
Source code represents the basic building blocks of computer programs. They are the instructions written by programmers that make up an application or computer program.
Mike Chapple, a former National Security Agency official and an information technology professor at the University of Notre Dame, said the attackers were likely looking for potential security vulnerabilities in Microsoft products that they could exploit to gain access to users of those products.
“Cybersecurity professionals now need to be concerned that this information falling into the wrong hands might create the next SolarWinds-level vulnerability in a Microsoft product,” Chapple said.
But Microsoft said its security practices begin by preemptively assuming that hackers already have access to the company’s source code, and protects its services accordingly.
“We do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code,” the company said. “So viewing source code isn’t tied to elevation of risk.”
You may also like
-
UK coronavirus variant has been reported in 86 countries, WHO says
-
NASA technology can help save whale sharks says Australian marine biologist and ECOCEAN founder, Brad Norman
-
California Twentynine Palms: Explosives are missing from the nation’s largest Marine Corps base and an investigation is underway
-
Trump unhappy with his impeachment attorney’s performance, sources say
-
Lunar New Year 2021: Ushering in the Year of the Ox