Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network.
The “very sophisticated nation-state actor” used the unauthorized access to view, but not modify, the source code present in its repositories, the company said.
“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” the Windows maker disclosed in an update.
“The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”
The development is the latest in the far-reaching espionage saga that came to light earlier in December following revelations by cybersecurity firm FireEye that attackers had compromised its systems via a trojanized SolarWinds update to steal its Red Team penetration testing tools.
images from Hacker News