Microsoft revealed some of its Source Code was accessed by hackers via SolarWinds supply chain attack

Earlier, the hacker attack encountered by the SolarWinds Software Company in the United States attracted global attention, mainly because a large number of enterprises and government agencies used SolarWinds software.

This kind of supply chain attack allowed hackers to infiltrate a large number of government and corporate institutions through SolarWinds software, and the attack lasted a long time before being discovered by a US cybersecurity company.

As an operating system developer, Microsoft has also been used SolarWinds software. After investigation, Microsoft has confirmed that the company’s internal use of SolarWinds software has been infiltrated.

However, in its previous statement, Microsoft emphasized that although virus samples were detected, no attacks were found, and its production environment and customer information were not leaked.

Microsoft has issued a new statement regarding the incident, in which Microsoft confirmed that the attacker used a backdoor SolarWinds program to steal an account and then accessed part of the Microsoft source code.

Microsoft did not disclose what product this part of the source code belongs to, but Microsoft still emphasizes that its source code is safe and has not been tampered with by hackers.

The reason is that this account only has browsing permissions but not modification permissions, so even if hackers want to modify or perform other engineering actions, they cannot do it at the time.

According to Microsoft’s instructions, the company kept different source codes in multiple repositories, and hackers used stolen accounts to browse the source codes stored in multiple repositories.

Microsoft said that after investigation, there is no evidence that any Microsoft services or any customer data security has been threatened, and that these products are currently safe.

The company said that viewing the source code will not cause security problems, because Microsoft does not rely on the secrets of the source code to protect product security, so even if it is viewed, it is fine.