Microsoft Hacked in Russia-Linked SolarWinds Cyberattack
By Robert McMillan
The Russia-linked hackers behind a widespread cyber-intrusion
into U.S. corporate and government systems were able to access
internal systems within Microsoft Corp. and view internal source
code, used to build software products, the company said
Microsoft had previously confirmed that it had downloaded
malicious software from a vendor called SolarWinds Corp. that had
been modified by the hackers. Thursday's disclosure is the first
indication that the hackers were able to access internal systems at
"We detected unusual activity with a small number of internal
accounts and upon review, we discovered one account had been used
to view source code in a number of source code repositories,"
Microsoft said in a statement.
This compromised account was able to view Microsoft's source
code, but not make changes, the company said.
A Microsoft spokesman declined to say what products or internal
systems were affected by the intrusion.
The company has "found no evidence of access to production
services or customer data," and "no indications that our systems
were used to attack others," the company said.
The SolarWinds attack dates back to at least October of 2019 and
has prompted a flurry of cyber investigations within government and
private industry. Through a backdoor the attackers installed in
SolarWinds's Orion networking software, the hackers found their way
into systems belonging to the Department of Homeland Security, the
State Department, the Treasury and Commerce departments and
U.S. government and cybersecurity officials have linked the
attack to Russia. The Kremlin has denied involvement in the
A Wall Street Journal analysis of internet records identified
infected computers at two dozen organizations that installed the
tainted network monitoring software from SolarWinds. Among them:
technology giant Cisco Systems Inc., chip makers Intel Corp. and
Nvidia Corp., and accounting firm Deloitte LLP.
Write to Robert McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
December 31, 2020 13:14 ET (18:14 GMT)
Copyright (c) 2020 Dow Jones & Company, Inc.