Microsoft said on Thursday in a blog post that hackers tied to a massive intrusion of dozens of US government agencies and private companies snuck farther into its systems than previously thought, although the intrusion doesn't appear to have caused any additional harm.
The company said the hackers were able to view some of the code underlying Microsoft software, but weren’'t able to make any changes to it.
Microsoft played down any risk associated with the additional intrusion, noting that its software development relies on code sharing within the company, a practice called ‘inner source’.
Also read: Microsoft, McAfee and experts form coalition to combat ransomware
Likewise, Microsoft said it doesn't rely on keeping programme code secret as a security measure and instead assumes that adversaries have seen its code and uses other defensive measures to frustrate attacks.
The company said it found no evidence of hacker access to customer data and no indication that its systems were used to attack others.
The hack began as early as March when malicious code was snuck into updates to SolarWinds software that monitors computer networks. Microsoft helped respond to the breach with cybersecurity firm FireEye, which discovered the hack when the security firm itself was targeted.
Cybersecurity experts and US officials suspect Russia was behind the hack that infiltrated over 40 federal agencies, including the departments of Treasury, Energy and Commerce, as well as government contractors. Russia has denied that it is to blame.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.