author photo
By Bruce Sussman
Thu | Dec 31, 2020 | 3:33 PM PST

It was a New Year's Eve 2020 revelation from Microsoft.

During its internal investigation into the SolarWinds supply chain attack, Microsoft uncovered an unsettling surprise. Hackers have successfully accessed the company's network and worked their way into valuable data repositories.

Microsoft reveals hackers accessed source code

The company says its internal investigation did not find the typical tactics, techniques, and procedures (TTPs) associated with the SolarWinds cyberattack. Instead, it discovered something else:

"Having investigated further, we can now report that we have not found evidence of the common TTPs (tools, techniques and procedures) related to the abuse of forged SAML tokens against our corporate domains.

Our investigation has, however, revealed attempted activities beyond just the presence of malicious SolarWinds code in our environment."

The discovery appears to be a related attack involving Microsoft source code using different TTPs to infiltrate the network:

"We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories."

Does Microsoft hack increase security risk for customers?

When you hear that hackers inspected source code repositories, it makes you wonder about the security implications, doesn't it? What does this mean for Microsoft customers around the globe?

Microsoft claims this breach does not elevate your risk if you rely on its services, products, or security tools. The company explains in a new blog post:

"At Microsoft, we have an inner source approach—the use of open source software development best practices and an open source-like culture—to making source code viewable within Microsoft.

This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.

As with many companies, we plan our security with an 'assume breach' philosophy and layer in defense-in-depth protections and controls to stop attackers sooner when they do gain access."

Those assurances aside, Microsoft says it found evidence of attempted activities related to this hack which were thwarted by its own protections.

And it says you should implement a privileged access strategy to protect privileged accounts at your organization.

This is just the latest revelation linked to the SolarWinds supply chain attack, and we doubt it will be the last.

Comments