The hackers behind the SolarWinds attack got deeper access into Microsoft’s systems than the company previously disclosed. The company, which previously confirmed it found compromised code in its system, now says the hackers were able to gain access to its source code.
“Our investigation has, however, revealed attempted activities beyond just the presence of malicious SolarWinds code in our environment,” Microsoft wrote in an update. “We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories.”
The company said that none of its code was modified, and that its investigation will continue. “This activity has not put at risk the security of our services or any customer data,” Microsoft said, adding that “viewing source code isn’t tied to elevation of risk,” for the company.
Even as Microsoft downplayed the risk associated with this discovery, it’s more evidence of just how far the attack has reached. Because SolarWinds' network security software is widely used, the group behind the hack was able to potentially access an unprecedented amount of sensitive data from government agencies and major corporations. Government officials have said Russia is responsible, though investigators are still unraveling the full extent of the hack.