According to the information circulating in recent moments, hackers who managed to hack Microsoft managed to gain access to the source code of the American giant Microsoft.
The American giant had for its part mentioned two weeks ago that it had discovered a backdoor in your system, through the software of SolarWinds, following an update. The spokesperson at the time said that he had not discovered any intrusions or breaches in his entire system. Subsequently the Reuters news agency had reported that Microsoft's product was used by cyber criminals to accentuate other large-scale cyberattacks.
This article will also interest you: Zoom, Microsoft Teams – Slack: have IT risks increased
Yet last Thursday, Microsoft officials acknowledged that hackers had been able to access their source codes to take a look at them. This situation is entirely plausible in the sense that the American company had not failed to mean that it too was using the Orion management software, proposed by SolarWinds, the software that allowed the cyber attack to be able to access the computer network of several public and private administrations. Redmond's company denied a statement by the Reuters news agency that hackers may have compromised the giant's computer network.
Last December, the US cybersecurity agency released a report explaining how several Microsoft Azure cloud services were compromised by hackers. U.S. agency then advises users to lock the entire computer system to this network to begin to protect their data. Who has affected various U.S. administrations also directly affect the nuclear security agency is the Department of Energy.
"Like other SolarWinds customers, we have actively searched for indicators of this player and can confirm that we have detected malicious SolarWinds binaries in our environment, which we have isolated and deleted. We found no evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indication that our systems were used to attack other people," Microsoft said.
With Thursday's release, Redmond's company confirmed that hackers did use the backdoor to exploit some of the security vulnerabilities offered to them. However, while Microsoft has clarified that their source code has been accessed by cyber criminals, the nature of this source code is still unknown. We can only say that it was something quite valuable for the architecture of Redmond's firm itself. In a blog post, Redmond's company states that cybercriminals have successfully accessed the code by compromising an employee's account.
"However, our investigation revealed attempts at activities that went beyond the mere presence of malicious SolarWinds code in our environment." "We detected unusual activity on a small number of internal accounts and after reviewing, we discovered that an account had been used to view the source code in several source code repositories," Microsoft said in its blog post.
The cyberattack that caused all this heckling will be the work of Cyber criminals of Russian origin, according to a statement by Secretary of State Mike Pompeo. A position that is shared by many U.S. intelligence agencies.
As for our case, Microsoft clarified that hackers had been able to view the source codes, they did not have the privilege of modifying them.
"The account was not authorized to change the code or technical systems and our investigation confirmed that no changes had been made. These accounts have been investigated and remedied," the blog post read. "This activity has not jeopardized the security of our services or our customers' data, but we want to be transparent and share what we learn by fighting what we believe to be a very sophisticated player in the nation-state."
Microsoft reassures that this intrusion is not likely to endanger the security of its services as well as the data of its customers. However, there is no denying that having been able to access this information can enable cybercriminals to set up on several types of cyber malice.
"Intruders can search the source code for software vulnerabilities that they could exploit, adding new weapons to their cyberwar zone," said Mike Chapple, a professor of computer science at the University of Notre Dame who is also a former national security agency computer scientist.
"Having access to the source code gives hackers the plan to create the software and makes it easier. Access to the source code gives hackers the blueprint for creating the software and makes it easier for them to discover new vulnerabilities," he adds. "Hackers can always try to reverse engineering on software vulnerabilities, but having the source code gives them a shortcut," says the professor.
Now access an unlimited number of passwords: