Microsoft shared an update about the SolarWinds attacks on the Microsoft Security Response Center blog. The company stated that it detected malicious SolarWinds applications in its environment, which it isolated and removed. The company also stated that it has found no evidence of access to production services or customer data. The ongoing investigation also showed that Microsoft’s systems were not used to attack others.
Source code repositories
The investigation revealed attempted activities beyond just the presence of malicious SolarWinds code in Microsoft’s environment. The company also detected unusual activity with some internal accounts, and upon review the team discovered that one account had been used to view source code in a number of source code repositories. The account did not have permission to modify any code or engineering systems, and the investigation confirmed no changes were made. Microsoft also stated:
“At Microsoft, we have an inner source approach, the use of open-source software development best practices, and open source-like culture, to making source code viewable within Microsoft. This means we do not rely on the secrecy of source code for the security of products, and our threat models assume that attackers have knowledge of source code. So viewing source code isn’t tied to elevation of risk.”