The SolarWinds supply chain attack that swept through the US government and corporate organizations has not yet ended. Anonymous hackers claim to have obtained Microsoft and Cisco source codes.
For example, the hacker stated that he only needed to pay $600,000 to gain access to the source code of Windows 10, and he also provided the source code of other Microsoft products.
For now, it is impossible to tell whether what the hacker said is true or false. After all, Microsoft has indeed admitted that it was infiltrated by hackers and the source code was accessed by hackers.
However, Microsoft stated that hackers only have permission to browse the source code and cannot make any changes. Therefore, Microsoft products are safe and have not been secretly poisoned by hackers.
Although the hacker’s behavior has attracted the attention of a large number of security researchers, most security researchers do not believe it and think it is a simple scam.
The reason is that the hacker who initiated this supply chain attack is alleged to be from Russia, and the target of the hacker is to steal the intelligence of US government agencies rather than the source code of commercial companies.
What’s more, although Cisco also admitted to detecting malware samples, Cisco only installed specific software during testing in the laboratory, and the intranet was not penetrated.
So how can a hacker obtain the source code of Cisco’s products? In summary, the hacker’s so-called sale of source code access rights maybe just a fraud.
However, it is worth noting that this hacker is not an ordinary scammer. This hacker seems to be a member of a well-known Russian profiling group that often engages in data trading.
Although this identity helps increase credibility, most security researchers still insist that this is a scam, after all, the state-backed hacker team is not short of money.
Generally speaking, if the software or system source code is leaked, it may pose a security threat, because the huge codebase may contain potential vulnerabilities that have not yet been discovered.
However, Microsoft has previously issued a statement stating that the company has long changed its security thinking, and now Microsoft does not rely on confidential source code to improve the overall security of its products.
Therefore, even if the source code is accessed by hackers or even leaked, it will not affect product security. At the same time, Microsoft is still strengthening security audits to eliminate more security vulnerabilities.
For now, there is no evidence that Microsoft’s software and products have been tampered with by hackers, so government and enterprise organizations that use Microsoft products do not need to worry about it for the time being.