A Microsoft investigation turned up “unusual activity with a small number of internal accounts” and also revealed that “one account had been used to view source code in a number of source code repositories,” the company said in a blog post. Microsoft said that the account didn’t have the ability to modify code and that no company services or customer data was put at risk.
Microsoft zealously guards its source code, the foundation of its software, but it does provide access to certain “qualified” customers, governments and partners for debugging and for reference.
“The investigation, which is ongoing, has also found no indications that our systems were used to attack others,” the company said.
A Russian intelligence agency is suspected of carrying out the massive campaign, which reportedly affected an email system used by senior leadership at the Treasury Department. It started earlier this year, when hackers compromised IT management software from SolarWinds. The Austin, Texas-based company sells software that lets an organization see what’s happening on its computer networks.
Hackers inserted malicious code into an update of that software, which is called Orion. Around 18,000 SolarWinds customers installed the compromised update onto their systems, the company said.
US national security agencies have called the breach “significant and ongoing.” According to an analysis by Microsoft and security firm FireEye, both of which were , the malware gives hackers broad reach into impacted systems.
Microsoft earlier said it had identifiedthat were targeted in the hack. More information is likely to emerge about the hack and its aftermath.