Microsoft says hackers viewed source code as part of SolarWinds attack

Microsoft says hackers viewed source code as part of SolarWinds attack

Microsoft on Thursday reported that its source code had been viewed, but not altered, by hackers involved in the massive cyber espionage incident that affected thousands of companies and much of the federal government. 

“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft’s Security Response Center wrote in a blog post on Thursday. “The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”

Microsoft made the announcement as part of its investigation into findings last week, first reported by The Washington Post, that Russian hackers responsible for one of the biggest cyber incidents in U.S. history had compromised Microsoft cloud customers as part of the attack on IT company SolarWinds. 


Microsoft emphasized Thursday that while its source code had been viewed, the ongoing investigation into the incident had found no evidence of Microsoft products being used by the hackers to attack others or that the hackers had accessed production services or consumer data. 

The company reiterated the conclusions of multiple federal agencies, officials and other top security groups that a “sophisticated nation-state actor” was behind the malicious activity, though it did not identify Russia by name. 

The announcement from Microsoft came weeks after Reuters first reported that the Treasury and Commerce departments had been compromised as part of an attack on SolarWinds software updates.

SolarWinds later confirmed the incident in a filing with the Securities and Exchange Commission, noting that it believed around 18,000 of its customers had been affected by the cyber espionage effort, which had been ongoing since at least March. 

SolarWinds counts much of the federal government and the majority of U.S. Fortune 500 companies as customers. While many questions are still unanswered about what was taken or what the goal was, agencies including the Department of Defense, the Department of Homeland Security and the Department of Energy were all reportedly hit by the hacking effort. 


Microsoft President Brad Smith wrote in a separate blog post published earlier this month that the company had notified 40 customers that were targeted “more precisely” by the attackers, with these groups including government agencies, think tanks, IT groups and government contractors. 

While 80 percent of these groups were located in the U.S., organizations in countries including Canada, Mexico, Spain, Belgium, the United Kingdom, Israel and the United Arab Emirates were also hit, according to Smith. 

“This is not ‘espionage as usual,’ even in the digital age,” Smith wrote. “Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world.” 

“In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency,” he added. “While the most recent attack appears to reflect a particular focus on the United States and many other democracies, it also provides a powerful reminder that people in virtually every country are at risk and need protection irrespective of the governments they live under.”

Russia has denied responsibility, though both former Attorney General William BarrBill BarrTrump: Washington/Lincoln ticket would have had hard time beating me before pandemic Trump says Barr 'never' told him he thought he'd lose election Speeches aren't enough: Biden must ditch bipartisanship, endorse ending filibuster MORE and Secretary of State Mike PompeoMike PompeoPoll: Trump leads 2024 GOP primary trailed by Pence, DeSantis Pence v. Biden on China: Competing but consistent visions Overnight Defense: Milley reportedly warned Trump against Iran strikes | Pulitzer Prize-winning photographer killed in Afghanistan | 70 percent of active-duty military at least partially vaccinated MORE said publicly this month that they believed Russian hackers were behind the wide-reaching incident. 

President TrumpDonald TrumpNew Capitol Police chief to take over Friday Overnight Health Care: Biden officials says no change to masking guidance right now | Missouri Supreme Court rules in favor of Medicaid expansion | Mississippi's attorney general asks Supreme Court to overturn Roe v. Wade Michael Wolff and the art of monetizing gossip MORE was slow to address the hack, only once publicly commenting on it in a tweet earlier this month that suggested China was actually behind it. The Chinese government had denied responsibility, and no evidence had publicly been disclosed linking it to the attack on SolarWinds.

Lawmakers on both sides of the aisle have called for a strong response following the hack, while President-elect Joe BidenJoe BidenOvernight Defense: Senate panel adds B to Biden's defense budget | House passes bill to streamline visa process for Afghans who helped US | Pentagon confirms 7 Colombians arrested in Haiti leader's killing had US training On The Money: Senate braces for nasty debt ceiling fight | Democrats pushing for changes to bipartisan deal | Housing prices hit new high in June Hillicon Valley: Democrats introduce bill to hold platforms accountable for misinformation during health crises | Website outages hit Olympics, Amazon and major banks MORE described the incident as “a grave risk to our national security,” vowing this week to modernize U.S. defense systems to better defend against cyber threats.