As Microsoft tries to examine the major SolarWinds attack, the company says it has confirmed that its systems have been breached “beyond the caused by malicious SolarWinds code.” In an advisory from its Security Team in regards, Microsoft says that attackers have been able to “view source code in a number of system software databases,” but that the hacked user granting such access has not been able to “view source code in a variety of system software directories.”
Although Microsoft points out that “a very sophisticated nation-state actor” is the guilty party, the US government and cybersecurity officials have involved Russia as the perpetrators of the SolarWinds attack. The attack revealed a wide number of sensitive organisations, and today’s Microsoft release shows that we’re still going to unravel the effects of the attack for weeks and months to come.
Interestingly, Microsoft claims that while hackers have gone deeper than previously thought, they have found “no proof of exposure to operating systems or customer information” and “no indications that our programs have been used to attack others.”
In addition, the company states that it routinely believes that competitors are able to access its source code and does not rely on the confidentiality of the code to keep its products safe. Microsoft has not revealed how much code has been viewed or what the released code is used for.
Earlier in the month, Microsoft President Brad Smith said the incident was a “time of confrontation” and cautioned of its threat. “This isn’t ‘treason as usual,’ Smith said. “In effect, it’s not just an intrusion on specific targets, but on the trust and confidence of the vital infrastructure of the world in efforts to progress the intelligence agency of one nation.”