Microsoft says Russians hacked its network, viewing source code

Status
Not open for further replies.

oldschool

Level 59
Verified
Mar 29, 2018
4,833
By
Ellen Nakashima
Dec. 31, 2020 at 7:11 p.m. UTC
Russian government hackers engaged in a sweeping series of breaches of government and private-sector networks have been able to penetrate deeper into Microsoft’s systems than previously known, gaining access to potentially valuable source code, the tech giant said Thursday.

The firm previously acknowledged that it had inadvertently downloaded a software patch used by Russian cyber spies as a potential “back door” into victims’ systems. But it was not known that the hackers had viewed the firm’s source code, or the crucial DNA of potentially valuable, proprietary software.
Russian hack was ‘classic espionage’ with stealthy, targeted tactics
Microsoft, however, did not specify what type of source code was accessed.

“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” the firm said in a blog post.

The hackers did not have permissions to modify any code or engineering systems, Microsoft said, adding “our investigation further confirmed no changes were made. These accounts were investigated and remediated.”
The Redmond, Wash.-based company said it has found no evidence of access to production services or customer data. It said its investigation also found no indications that its systems have been used to attack others.
However, some of its cloud customers have been hacked through a third-party partner that handles the firm’s cloud-access services, The Washington Post reported last week.
Microsoft has said it was the first to alert several U.S. government agencies in recent weeks to the fact they had been compromised.
This is a developing story and will be updated.
 

TairikuOkami

Level 30
Verified
Content Creator
May 13, 2017
1,940
The firm previously acknowledged that it had inadvertently downloaded a software patch used by Russian cyber spies as a potential “back door” into victims’ systems.
Maybe MS will finally reconsider offering security downloads like windows updates via an insecure connection (port 80), at least optionally. :whistle:
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
846
Linux is secure because it has been open source since its inception, and holes were plugged along the way.

This is different. Very, very different.

Load up on third party security apps, bring your friends, it's fun to lose and to pretend ;).
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
846
I was wondering why WD did not seem to be performing as usual the last couple of months, maybe this is why. Who knows, that seems to happen a lot with WD. It starts out great with a new version of Windows and slowly declines.
 

Andy Ful

Level 68
Verified
Trusted
Content Creator
Dec 23, 2014
5,720
From the article:
"But as Rid pointed out, this so far appears to be classic digital spying of the sort that major nations, including the United States, engage in every day to gain geopolitical edges of various sorts."

US, China, Russia, and other countries are attacked by hackers for many years. We know about the attacks on US because it is a democratic country. The Chinese or Russian governments will never admit such a thing, except when this would bring some political advantage.

Edit.
As we know they also never admitted to being spied by James Bond.:):sneaky:
 

venustus

Level 56
Verified
Trusted
Content Creator
Dec 30, 2012
4,597
Microsoft said on Thursday that its investigation had detected unusual activity from a small number of employee accounts. It then determined that one had been used to view “a number of source code repositories.”

“The account did not have permissions to modify any code or engineering systems, and our investigation further confirmed no changes were made,” the company said in its blog post.
Microsoft, unlike many technology companies, does not rely on the secrecy of its source code for the security of its products. Employees can readily view source code, and its risk models assume attackers have ready access to it, suggesting the fallout from the breach could be limited.
 

Freud2004

Level 7
Jun 26, 2020
312
The only interest that a hacker would have in windows code is to explore zero days attack.

With this pandemic zero days attacks can guarantee a lot of money to hackers.

Now hackers are at the same level them NSA, because NSA already know the windows code.
 

Freud2004

Level 7
Jun 26, 2020
312
Linux is secure because it has been open source since its inception, and holes were plugged along the way.

This is different. Very, very different.

Load up on third party security apps, bring your friends, it's fun to lose and to pretend ;).

Linux is more secure because there is not so much money to be gained from it. Linux failures do not generate the revenue that Windows failures generate.
The servers are mostly based on linux code, and are not exploited?
 

McMcbrad

Level 23
Oct 16, 2020
1,252
Hopefully MS is taking steps to inspect the leaked code for vulnerabilities and patch them before attackers have the opportunity to exploit them.

Though source code leakage isn’t really new, I remember McAfee, Norton and Trend Micro had allegedly their source being leaked in 2018??? (If I remember right) and it didn’t really lead to any exploits.

Hopefully they’ve accessed just a small amount of code, that can easily be modified and not the whole architecture of the OS.
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
846
Linux is more secure because there is not so much money to be gained from it. Linux failures do not generate the revenue that Windows failures generate.
The servers are mostly based on linux code, and are not exploited?
Yeah, as they always say... follow the money ;).

My point is that Linux is open source and has 2,357 listed CVE's. Windows 10 is closed source so for now it only has 1,111 listed CVE's.

 

SerialCart

From Serialcart.com
Verified
Oct 27, 2019
197
Linux is more secure because there is not so much money to be gained from it. Linux failures do not generate the revenue that Windows failures generate.
The servers are mostly based on linux code, and are not exploited?
Well, server have really a different story. Because servers are also secured by network and hardware firewalls, enterprise 24/7 support and always security for servers comes first. But none of these exist for a home users. I personally use Linux for my daily driver and it MIGHT provide a little more security for me as less Linux distros are targeted however, this does not mean that Linux machines do not have vulnerabilities. Indeed due to the fact that many components in Linux is community-based, when I install a new app or something I should cross my fingers that it is safe and also in the developing team there are no traitors. I use Linux because it is more reliable and easier for me but it might not be the same story for many users who are using Windows for ages. And I completely disagree with those who say Mac and Linux do not need an antivirus!!! This is wrong. Because there might be way less malware and viruses for Mac and Linux but there is enough to get you infected. If your valuable data gets encrypted once... that is it... no way back ... you should pay or say goodbye to your data!

All said, Microsoft is well-known for managing the security in the worst case possible. And I do not believe if they would make Windows opensource in any possible scenario ... this is what is making their business going .. from selling the licenses to tracking users data for marketing.

Lets cross the fingers that they act fast and there would not be many issues with their source code :(
 

numike

Level 1
Nov 1, 2018
38

SolarWinds hackers accessed Microsoft source code

Microsoft says customer data wasn't compromised.
LMAO
 
Last edited by a moderator:
  • Like
Reactions: danb and venustus
Status
Not open for further replies.
Top