begin quote from:
Microsoft says hackers viewed its source code
.1 day ago
View all
Web results
1 day ago — (CNN Business) Microsoft said Thursday that the suspected Russian hackers behind a massive US government security breach also viewed some of the company's source code. The unauthorized access does not appear to have compromised any Microsoft (MSFT) services or customer data, the company said in a blog post.
1 day ago — A new update from Microsoft says that Russian hackers gained access to view the company's source code, but that no products were made ...
Microsoft says hackers viewed its source code
Updated 3:34 PM ET, Thu December 31, 2020
![This photo taken on August 4, 2020 shows Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, using a website that monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province. - From a small, dingy office tucked away in an industrial city in southern China, one of China's last "volunteer hacker" groups maintains a final outpost in its patriotic hacking war. (Photo by NICOLAS ASFOURI / AFP) / TO GO WITH China-hacking-security,FOCUS by Laurie Chen / The erroneous mention[s] appearing in the metadata of this photo by NICOLAS ASFOURI has been modified in AFP systems in the following, we removed the HOLD HOLD HOLD in the main caption. Please immediately remove the erroneous mention[s] from all your online services and delete it (them) from your servers. If you have been authorized by AFP to distribute it (them) to third parties, please ensure that the same actions are carried out by them. Failure to promptly comply with these instructions will entail liability on your part for any continued or post notification usage. Therefore we thank you very much for all your attention and prompt action. We are sorry for the inconvenience this notification may cause and remain at your disposal for any further information you may require. (Photo by NICOLAS ASFOURI/AFP via Getty Images)](http://cdn.cnn.com/cnnnext/dam/assets/201221124819-hackeo-eeuu-dinero-small-169.jpg)
(CNN Business)Microsoft said Thursday that the suspected Russian hackers behind a massive US government security breach also viewed some of the company's source code.
The unauthorized access does not appear to have compromised any Microsoft (MSFT) services or customer data, the company said in a blog post. But an investigation showed that the attackers took advantage of their access to Microsoft's systems to view company code.
"We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories," Microsoft said. "The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated."
The disclosure highlights the broad reach of the attackers, whom investigators have described as extremely sophisticated and well-resourced. And it suggests that corporate espionage may have been as much a motive as a hunt for government secrets.
Source code represents the basic building blocks of computer programs. They are the instructions written by programmers that make up an application or computer program.
Microsoft had previously acknowledged using the IT management software, SolarWinds Orion, that gave the attackers a potential window into thousands of public and private sector organizations. But this marks the first time Microsoft has confirmed that the attackers exploited the vulnerability against the technology giant.
Mike Chapple, a former National Security Agency official and an information technology professor at the University of Notre Dame, said the attackers were likely looking for potential security vulnerabilities in Microsoft products that they could exploit to gain access to users of those products.
"Cybersecurity professionals now need to be concerned that this information falling into the wrong hands might create the next SolarWinds-level vulnerability in a Microsoft product," Chapple said.
But Microsoft said its security practices begin by preemptively assuming that hackers already have access to the company's source code, and protects its services accordingly.
"We do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code," the company said. "So viewing source code isn't tied to elevation of risk."
No comments:
Post a Comment