SAN FRANCISCO: The hackers behind the worst intrusion into US government agencies in years gained access to Microsoft’s secret source code for authenticating customers, which could aid one of their main attack methods.
In a blog post on Thursday, Microsoft said its internal investigation found that hackers studied parts of the source code for its Azure cloud software related to identity and security, Exchange email programs, and Intune’s management of mobile devices and apps.
The company said some code had been downloaded, which would have given the hackers more freedom to search for security vulnerabilities, create new flawed copies, or examine the logic to find ways to exploit customer installations.
Microsoft previously said that hackers had gained access to some of its source code, but it had not said which parts, or that any of it had been copied.
US authorities said on Wednesday that the breaches revealed in December extended to nine federal agencies and 100 private companies, including major technology providers and security firms.
They said the Russian government was probably behind the spree, which Moscow denied.
Initially discovered by security provider FireEye Inc., the hackers used advanced skills to insert spying backdoors into widely used network management software distributed by SolarWinds Corp.
Among the thousands of SolarWinds customers exposed last year, the hackers added new Azure identities, granted greater rights to existing identities, or tampered with Microsoft software, largely to steal email.
Some hackers also used techniques like these against targets that do not use SolarWinds. Microsoft previously acknowledged that some of its vendors, who often have ongoing access to customer systems, were used in the breach.
It continues to deny that flaws in anything it provides directly were used as a primary vector of attack.
Microsoft declined to answer Reuters' questions about which pieces of code were downloaded or whether what the hackers discovered helped them hone their techniques.
The company also refused to disclose whether it was changing any of its code as a result of the hack.
The Department of Homeland Security did not respond to questions.
On Thursday, Microsoft said it had completed its investigation and that it “found no indications that our systems at Microsoft were being used to attack others.”
However, issues with identity management have proven so prevalent in the recent attacks that many security companies have issued new guidelines and warnings, as well as tools to detect misuse.
President Joe Biden has promised to respond to the SolarWinds hacks, and the chief cybersecurity official, Deputy National Security Advisor Anne Neuberger, is leading an investigation and remedial effort.
The Senate Intelligence Committee will hold a hearing on the breaches on Tuesday with witnesses including Microsoft Chairman Brad Smith and FireEye CEO Kevin Mandia.