The hackers behind the SolarWinds supply chain attack managed to escalate access inside Microsoft’s internal network and gain access to a small number of internal accounts, which they used to access Microsoft source code repositories, the company said on Thursday.

In an update from its Security Response Center, Microsoft says that hackers were able to “view source code in a number of source code repositories,” but that the hacked account granting such access didn’t have permission to modify any code or systems..

“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”

Additionally, the company says that it regularly assumes adversaries are able to view its source code, and does not rely on the secrecy of source code to keep its products secure. Microsoft did not disclose how much code was viewed or what the exposed code is used for.

READ
JBS Paid $11 Million To REvil Ransomware