Microsoft proceeds to analyze the tremendous SolarWinds attack. The company found out that its systems were entered “beyond just the presence of malicious SolarWinds code.” Microsoft says that hackers were able to view source code with the hacked account do not grant access and permission to modify any code or systems.
Microsoft has a very sophisticated nation-state actor as the culprit while the US government and cybersecurity concerned Russia as the architects of the overall SolarWinds attack. The attack detected an extensive list of sensitive organizations, and acknowledgment from Microsoft indicates that we are unfolding the attack’s implications for weeks and months to come.
Microsoft says that hackers went deeper than previously with no evidence of access to production services or customer data and no indications that our systems were used to attack others. The adversaries can view its source code, and does not rely on the secrecy of source code to keep its products secure. Microsoft did not disclose how much code was viewed or what the exposed code is used for.
Microsoft President Brad Smith said the attack was a “moment of reckoning” and warned about its danger. This is not espionage as usual. In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure to advance one nation’s intelligence agency.”