Microsoft says SolarWinds hackers viewed the company’s source code

Over a week ago, we wrote about Microsoft after the company announced that it was a victim of Solarwinds hacker attack. In what the tech giant called a moment of reckoning, Microsoft said over 40 of its customers had their networks infiltrated by hackers following the SolarWinds supply chain attack after they installed backdoored versions of the Orion IT monitoring platform.

Now, it seems the hack was worse than earlier reported. In a blog post on Thursday, Microsoft said the suspected state-sponsored hackers behind a massive US government security breach also viewed some of its source code. But the unauthorized access does not appear to have compromised any Microsoft (MSFT) services or customer data.

However, further investigation revealed that the attackers took advantage of their access to Microsoft’s systems to view company code.

“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft said. “The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”

“Our investigation into our own environment has found no evidence of access to production services or customer data. The investigation, which is ongoing, has also found no indications that our systems were used to attack others,” Microsoft added.

On December 14, Solarwinds told SEC that about 18,000 of its customers compromised for 6 months in the hack of its Orion software. SolarWinds, which boasts 300,000 customers globally, said in a regulatory disclosure it believed the attack was the work of an “outside nation-state” that inserted malicious code into updates of its Orion network management software issued between March and June this year.