Russian government hackers engaged in a sweeping series of breaches of government and private-sector networks have been able to penetrate deeper into Microsoft’s systems than previously known, gaining access to potentially valuable source code, the tech giant said Thursday.
The firm previously acknowledged that it had inadvertently downloaded a software patch used by the Russians as a potential “back door” into victims’ systems. But it was not known that the hackers had viewed the firm’s source code, or the crucial DNA of potentially valuable, proprietary software.
Microsoft, however, did not specify what type of source code was accessed.
“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” the firm said in a blog post.
The hackers did not have permissions to modify any code or engineering systems, Microsoft said, adding “our investigation further confirmed no changes were made. These accounts were investigated and remediated.”
Microsoft has played a pivotal if unwitting role in the breaches, as its cloud service platform has been used by the Russians to send commands to victim networks. The firm was the first to alert several U.S. government agencies in recent weeks to the fact they had been compromised.
The Redmond, Wash.-based company said it has found no evidence of access to production services or customer data. It said its investigation also found no indications that its systems have been used to attack others.
However, some of its cloud customers have been hacked through a third-party partner that handles the firm’s cloud-access services, The Washington Post reported last week.