#SOLARWINDS MICROSOFT CODE#
Matt Tait, an independent cybersecurity researcher, agreed that the source code could be used as a roadmap to help hack Microsoft products, but he also cautioned that elements of the company's source code were already widely shared - for example with foreign governments. "If you have the blueprint, it's far easier to engineer attacks."
#SOLARWINDS MICROSOFT SOFTWARE#
"The source code is the architectural blueprint of how the software is built," said Andrew Fife of Israel-based Cycode, a source code protection company. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services. Modifying source code - which Microsoft said the hackers did not do - could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. and private sector investigators have spent the holidays combing through logs to try to understand whether their data has been stolen or modified. The SolarWinds hack is among the most ambitious cyber operations ever disclosed, compromising at least half-a-dozen federal agencies and potentially thousands of companies and other institutions.
A Microsoft spokesman said security employees had been working "around the clock" and that "when there is actionable information to share, they have published and shared it." Three people briefed on the matter said Microsoft had known for days that the source code had been accessed.
After Reuters reported it was breached two weeks ago, Microsoft said it had not "found any evidence of access to production services." Microsoft had already disclosed that like other firms it found malicious versions of SolarWinds' software inside its network, but the source code disclosure - made in a blog post - is new. government networks also had an interest in discovering the inner workings of Microsoft products as well. It is not clear how much or what parts of Microsoft's source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a springboard to break into sensitive U.S.
0 kommentar(er)
