The hacking group behind the SolarWinds compromise was able to break into Microsoft and access some of its source code, the technology giant said late on Thursday, something experts said sent a worrying signal about the spies' ambition.
Source code - the underlying set of instructions that run a piece of software or operating system - is typically among a technology company's most closely guarded secrets and Microsoft has historically been particularly careful about protecting it.
It is not clear how much or what parts of Microsoft's source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a springboard to break into sensitive US government networks also had an interest in discovering the inner workings of Microsoft products as well.
Microsoft had already disclosed that like other firms it found malicious versions of SolarWinds' software inside its network, but the source code disclosure is new.
Three people briefed on the matter said Microsoft had known for days that the source code had been accessed.
A Microsoft spokesman said security employees had been working "around the clock" and that "when there is actionable information to share, they have published and shared it”.
The SolarWinds hack is among the most ambitious cyber operations ever disclosed, compromising at least half-a-dozen federal agencies and potentially thousands of companies and other institutions.
US and private sector investigators have spent the holidays combing through logs to try to understand whether their data has been stolen or modified.
Modifying source code - which Microsoft said the hackers did not do - could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services.
"The source code is the architectural blueprint of how the software is built," said Andrew Fife of Israel-based Cycode, a source code protection company.
"If you have the blueprint, it is far easier to engineer attacks," he added.
Matt Tait, an independent cybersecurity researcher, agreed that the source code could be used as a roadmap to help hack Microsoft products. He also cautioned that elements of the company's source code were already widely shared, for example with foreign governments. He said he doubted that Microsoft had made the common mistake of leaving cryptographic keys or passwords in the code.
"It's not going to affect the security of their customers, at least not substantially,” Mr Tait said.
Microsoft noted that it allows broad internal access to its code, and former employees agreed that it is more open than other companies.
In its blog post, Microsoft said it had found no evidence of access "to production services or customer data."
"The investigation, which is ongoing, has also found no indications that our systems were used to attack others," it said.
Killing of Qassem Suleimani
More from Neighbourhood Watch:
THREE
%3Cp%3EDirector%3A%20Nayla%20Al%20Khaja%3C%2Fp%3E%0A%3Cp%3EStarring%3A%20Jefferson%20Hall%2C%20Faten%20Ahmed%2C%20Noura%20Alabed%2C%20Saud%20Alzarooni%3C%2Fp%3E%0A%3Cp%3ERating%3A%203.5%2F5%3C%2Fp%3E%0A
Wicked
Director: Jon M Chu
Stars: Cynthia Erivo, Ariana Grande, Jonathan Bailey
UAE and Russia in numbers
UAE-Russia ties stretch back 48 years
Trade between the UAE and Russia reached Dh12.5 bn in 2018
More than 3,000 Russian companies are registered in the UAE
Around 40,000 Russians live in the UAE
The number of Russian tourists travelling to the UAE will increase to 12 percent to reach 1.6 million in 2023
BMW M5 specs
Engine: 4.4-litre twin-turbo V-8 petrol enging with additional electric motor
Power: 727hp
Torque: 1,000Nm
Transmission: 8-speed auto
Fuel consumption: 10.6L/100km
On sale: Now
Price: From Dh650,000
Ballon d’Or shortlists
Men
Sadio Mane (Senegal/Liverpool), Sergio Aguero (Aregentina/Manchester City), Frenkie de Jong (Netherlans/Barcelona), Hugo Lloris (France/Tottenham), Dusan Tadic (Serbia/Ajax), Kylian Mbappe (France/PSG), Trent Alexander-Arnold (England/Liverpool), Donny van de Beek (Netherlands/Ajax), Pierre-Emerick Aubameyang (Gabon/Arsenal), Marc-Andre ter Stegen (Germany/Barcelona), Cristiano Ronaldo (Portugal/Juventus), Alisson (Brazil/Liverpool), Matthijs de Ligt (Netherlands/Juventus), Karim Benzema (France/Real Madrid), Georginio Wijnaldum (Netherlands/Liverpool), Virgil van Dijk (Netherlands/Liverpool), Bernardo Silva (Portugal/Manchester City), Son Heung-min (South Korea/Tottenham), Robert Lewandowski (Poland/Bayern Munich), Roberto Firmino (Brazil/Liverpool), Lionel Messi (Argentina/Barcelona), Riyad Mahrez (Algeria/Manchester City), Kevin De Bruyne (Belgium/Manchester City), Kalidou Koulibaly (Senegal/Napoli), Antoine Griezmann (France/Barcelona), Mohamed Salah (Egypt/Liverpool), Eden Hazard (BEL/Real Madrid), Marquinhos (Brazil/Paris-SG), Raheem Sterling (Eengland/Manchester City), Joao Félix(Portugal/Atletico Madrid)
Women
Sam Kerr (Austria/Chelsea), Ellen White (England/Manchester City), Nilla Fischer (Sweden/Linkopings), Amandine Henry (France/Lyon), Lucy Bronze(England/Lyon), Alex Morgan (USA/Orlando Pride), Vivianne Miedema (Netherlands/Arsenal), Dzsenifer Marozsan (Germany/Lyon), Pernille Harder (Denmark/Wolfsburg), Sarah Bouhaddi (France/Lyon), Megan Rapinoe (USA/Reign FC), Lieke Martens (Netherlands/Barcelona), Sari van Veenendal (Netherlands/Atletico Madrid), Wendie Renard (France/Lyon), Rose Lavelle(USA/Washington Spirit), Marta (Brazil/Orlando Pride), Ada Hegerberg (Norway/Lyon), Kosovare Asllani (Sweden/CD Tacon), Sofia Jakobsson (Sweden/CD Tacon), Tobin Heath (USA/Portland Thorns)
Signs%20of%20%20%20%20%20%20%20heat%20stroke
%3Cul%3E%0A%3Cli%3EThe%20loss%20of%20sodium%20chloride%20in%20our%20sweat%20can%20lead%20to%20confusion%20and%20an%20altered%20mental%20status%20and%20slurred%20speech%3C%2Fli%3E%0A%3Cli%3EBody%20temperature%20above%2039%C2%B0C%3C%2Fli%3E%0A%3Cli%3EHot%2C%20dry%20and%20red%20or%20damp%20skin%20can%20indicate%20heatstroke%3C%2Fli%3E%0A%3Cli%3EA%20faster%20pulse%20than%20usual%3C%2Fli%3E%0A%3Cli%3EDizziness%2C%20nausea%20and%20headaches%20are%20also%20signs%20of%20overheating%3C%2Fli%3E%0A%3Cli%3EIn%20extreme%20cases%2C%20victims%20can%20lose%20consciousness%20and%20require%20immediate%20medical%20attention%3C%2Fli%3E%0A%3C%2Ful%3E%0A
PROFILE BOX
Company name: Overwrite.ai
Founder: Ayman Alashkar
Started: Established in 2020
Based: Dubai International Financial Centre, Dubai
Sector: PropTech
Initial investment: Self-funded by founder
Funding stage: Seed funding, in talks with angel investors
Emergency phone numbers in the UAE
Estijaba – 8001717 – number to call to request coronavirus testing
Ministry of Health and Prevention – 80011111
Dubai Health Authority – 800342 – The number to book a free video or voice consultation with a doctor or connect to a local health centre
Emirates airline – 600555555
Etihad Airways – 600555666
Ambulance – 998
Knowledge and Human Development Authority – 8005432 ext. 4 for Covid-19 queries
Our family matters legal consultant
Name: Hassan Mohsen Elhais
Position: legal consultant with Al Rowaad Advocates and Legal Consultants.
Dengue%20fever%20symptoms
%3Cp%3EHigh%20fever%20(40%C2%B0C%2F104%C2%B0F)%3Cbr%3ESevere%20headache%3Cbr%3EPain%20behind%20the%20eyes%3Cbr%3EMuscle%20and%20joint%20pains%3Cbr%3ENausea%3Cbr%3EVomiting%3Cbr%3ESwollen%20glands%3Cbr%3ERash%26nbsp%3B%3C%2Fp%3E%0A
Killing of Qassem Suleimani
THE BIO
Born: Mukalla, Yemen, 1979
Education: UAE University, Al Ain
Family: Married with two daughters: Asayel, 7, and Sara, 6
Favourite piece of music: Horse Dance by Naseer Shamma
Favourite book: Science and geology
Favourite place to travel to: Washington DC
Best advice you’ve ever been given: If you have a dream, you have to believe it, then you will see it.
Tips for job-seekers
- Do not submit your application through the Easy Apply button on LinkedIn. Employers receive between 600 and 800 replies for each job advert on the platform. If you are the right fit for a job, connect to a relevant person in the company on LinkedIn and send them a direct message.
- Make sure you are an exact fit for the job advertised. If you are an HR manager with five years’ experience in retail and the job requires a similar candidate with five years’ experience in consumer, you should apply. But if you have no experience in HR, do not apply for the job.
David Mackenzie, founder of recruitment agency Mackenzie Jones Middle East
Saturday's results
West Ham 2-3 Tottenham
Arsenal 2-2 Southampton
Bournemouth 1-2 Wolves
Brighton 0-2 Leicester City
Crystal Palace 1-2 Liverpool
Everton 0-2 Norwich City
Watford 0-3 Burnley
Manchester City v Chelsea, 9.30pm
