Beautiful Virgin Islands

Tuesday, Jun 03, 2025

SolarWinds hackers accessed Microsoft source code, the company says

SolarWinds hackers accessed Microsoft source code, the company says

The hacking group behind the SolarWinds compromise was able to break into Microsoft Corp and access some of its source code, Microsoft said on Thursday, something experts said sent a worrying signal about the spies' ambition.
Source code - the underlying set of instructions that run a piece of software or operating system - is typically among a technology company's most closely guarded secrets and Microsoft has historically been particularly careful about protecting it.

It is not clear how much or what parts of Microsoft's source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a springboard to break into sensitive U.S. government networks also had an interest in discovering the inner workings of Microsoft products as well.

Microsoft had already disclosed that like other firms it found malicious versions of SolarWinds' software inside its network, but the source code disclosure - made in a blog post - is new. After Reuters reported it was breached two weeks ago, Microsoft said it had not "found any evidence of access to production services."

Three people briefed on the matter said Microsoft had known for days that the source code had been accessed. A Microsoft spokesman said security employees had been working "around the clock" and that "when there is actionable information to share, they have published and shared it."

The SolarWinds hack is among the most ambitious cyber operations ever disclosed, compromising at least half-a-dozen federal agencies and potentially thousands of companies and other institutions. U.S. and private sector investigators have spent the holidays combing through logs to try to understand whether their data has been stolen or modified.

Modifying source code - which Microsoft said the hackers did not do - could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services.

"The source code is the architectural blueprint of how the software is built," said Andrew Fife of Israel-based Cycode, a source code protection company.

"If you have the blueprint, it's far easier to engineer attacks."

Matt Tait, an independent cybersecurity researcher, agreed that the source code could be used as a roadmap to help hack Microsoft products, but he also cautioned that elements of the company's source code were already widely shared - for example with foreign governments. He said he doubted that Microsoft had made the common mistake of leaving cryptographic keys or passwords in the code.

"It's not going to affect the security of their customers, at least not substantially," Tait said.

Microsoft noted that it allows broad internal access to its code, and former employees agreed that it is more open than other companies.

In its blog post, Microsoft said it had found no evidence of access "to production services or customer data."

"The investigation, which is ongoing, has also found no indications that our systems were used to attack others," it said.

Reuters reported a week ago that Microsoft-authorized resellers were hacked and their access to productivity programs inside targets leveraged in attempts to read email. Microsoft acknowledged some vendor access was misused but has not said how many resellers or customers may have been breached.

There was no response to requests for comment from the FBI, which is investigating the hacking campaign, or from the Department of Homeland Security's Cybsersecurity and Infrastructure Security Agency.

U.S. officials have attributed the SolarWinds hacking campaign to Russia, an allegation the Kremlin denies.

Both Tait and Ronen Slavin, Cycode's chief technology officer, said a key unanswered question was which source code repositories were accessed. Microsoft has a huge range of products, from widely used Windows to lesser known software such as social networking app Yammer and the design app Sway.

Slavin said he was worried by the possibility that the SolarWinds hackers were poring over Microsoft's source code as prelude to a much more ambitious offensive.

"To me the biggest question is, 'Was this recon for the next big operation?'" he said.
Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
Harvard Urges US to Unfreeze Funds for Public Health Research
Businessman Mauled by Lion at Luxury Namibian Lodge
Researchers Consider New Destinations Beyond the U.S.
53-Year-Old Doctor Claims Biological Age of 23
Trump Struggles to Secure Trade Deals With China and Europe
Russia to Return 6,000 Corpses Under Ukraine Prisoner Swap Deal
Microsoft Lays Off Hundreds More Amid Restructuring
Harvey Weinstein’s Publicist Embraces Notoriety
Macron and Meloni Seek Unity Despite Tensions
Trump Administration Accused of Obstructing Deportation Cases
Newark Mayor Sues Over Arrest at Immigration Facility
Center-Left Candidate Projected to Win South Korean Presidency
Trump’s Tariffs Predicted to Stall Global Economic Growth
South Korea’s President-Elect Expected to Take Softer Line on Trump and North Korea
Trump’s China Strategy Remains a Geopolitical Puzzle
Ukraine Executes Long-Range Drone Strikes on Russian Airbases
Conservative Karol Nawrocki wins Poland’s presidential election
Study Identifies Potential Radicalization Risk Among Over One Million Muslims in Germany
Good news: Annalena Baerbock Elected President of the UN General Assembly
Apple Appeals EU Law Over User Data Sharing Requirements
South Africa: "First Black Bank" Collapses after Being Looted by Owners
Poland will now withdraw from the EU migration pact after pro-Trump nationalist wins Election
"That's Disgusting, Don’t Say It Again": The Trump Joke That Made the President Boil
Trump Cancels NASA Nominee Over Democratic Donations
Paris Saint-Germain's Greatest Triumph Is Football’s Lowest Point
OnlyFans for Sale: From Lockdown Lifeline to Eight-Billion-Dollar Empire
Mayor’s Security Officer Implicated | Shocking New Details Emerge in NYC Kidnapping Case
Hegseth Warns of Potential Chinese Military Action Against Taiwan
OPEC+ Agrees to Increase Oil Output for Third Consecutive Month
Jamie Dimon Warns U.S. Bond Market Faces Pressure from Rising Debt
Turkey Detains Istanbul Officials Amid Anti-Corruption Crackdown
Taylor Swift Gains Ownership of Her First Six Albums
Bangkok Ranked World's Top City for Remote Work in 2025
Satirical Sketch Sparks Political Spouse Feud in South Korea
Indonesia Quarry Collapse Leaves Multiple Dead and Missing
South Korean Election Video Pulled Amid Misogyny Outcry
Asian Economies Shift Away from US Dollar Amid Trade Tensions
Netflix Investigates Allegations of On-Set Mistreatment in K-Drama Production
US Defence Chief Reaffirms Strong Ties with Singapore Amid Regional Tensions
Vietnam Faces Strategic Dilemma Over China's Mekong River Projects
Malaysia's First AI Preacher Sparks Debate on Islamic Principles
White House Press Secretary Criticizes Harvard Funding, Advocates for Vocational Training
France to Implement Nationwide Smoking Ban in Outdoor Spaces Frequented by Children
Meta and Anduril Collaborate on AI-Driven Military Augmented Reality Systems
Russia's Fossil Fuel Revenues Approach €900 Billion Since Ukraine Invasion
U.S. Justice Department Reduces American Bar Association's Role in Judicial Nominations
U.S. Department of Energy Unveils 'Doudna' Supercomputer to Advance AI Research
U.S. SEC Dismisses Lawsuit Against Binance Amid Regulatory Shift
Alcohol Industry Faces Increased Scrutiny Amid Health Concerns
Italy Faces Population Decline Amid Youth Emigration
×