Microsoft Says SolarWinds Hackers Viewed Its Source Code

Microsoft has acknowledged that the hackers behind the SolarWinds cyber-attack accessed and viewed source code repositories within the company.

The company had previously disclosed that it, like thousands of other companies, made internal use of the software used in the attack, SolarWinds’ Orion network management software.

The disclosure that hackers viewed its source code is new, however.

Microsoft said in a blog post the attackers gained access to a small number of internal accounts, which they used to view the repositories.

Code access

The company said the source code was not altered as the accounts in question were not authorised to do so.

Microsoft did not indicate which products the repositories pertained to.

It said the hackers did not escalate their attack to access production systems or customer data, or use their access to Microsoft’s systems to stage attacks on the company’s customers around the world.

The company said its investigation is ongoing.

The hacking group in question inserted backdoor code into SolarWinds’ Orion platform in March of 2020 and used this to access the systems of at least half-a-dozen US federal agencies as well as potentially thousands of private firms before the attack was discovered in December.

Some US officials have accused the Russian government of being behind the attack, which Russia denies.

‘Open’ environment

Security experts have said it is likely to take months for organisations to review system logs and determine what data may have been accessed and whether the intruders still have a foothold.

British security sources have said that in the UK, a small number of organisations outside of the public sector appear to have been affected.

SolarWinds issued a fix for the Orion breach shortly after it was discovered in December.

Microsoft downplayed the seriousness of hackers’ access to its source code, saying the security of its products does not depend upon the code’s secrecy.

The company said it employs an “open source-like” development approach allowing the code to be broadly viewed within the company.


“This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk,” the company said.

Microsoft has emphasised this approach in recent years, particularly following security incidents that led to the leak of the source code of Windows 10, Windows Server 2013 and other products.

However, in the early 2000s the company waged a publicity war against open source software, with then-chief executive Steve Ballmer comparing the open source development model to a “cancer”.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

BT Eagle-i Seeks To Predict, Prevent Cyberattacks

Proactive security approach. New security platform from BT Security, dubbed 'Eagle-i', seeks to predict and…

2 days ago

Apple Risks South Korean Clash After Investigation Warning

South Korean government official warns of possible investigation into Apple's compliance with new App Store…

3 days ago

Moscow Metro Facial Recognition System For Speedy Payments

Privacy concern. Moscow's Metro system has launched 'Face Pay', a mass facial recognition system for…

3 days ago

US Army Delays $22 Billion Microsoft Augmented Reality Headsets

United States Army pushes back deployment date of Microsoft's augmented reality headsets, but insists it…

3 days ago

TSMC Confirms Chip Plant For Japan

Taiwanese chip giant TSMC confirms it will build a chip factory in Japan, that will…

3 days ago

GitLab Raises $800m In Successful Initial Public Offering

After a successful public debut that raised hundreds of millions of dollars, coding platform GitLab…

3 days ago