Russian government hackers engaged in a sweeping series of breaches of government and private-sector networks have been able to penetrate deeper into Microsoft’s systems than previously known, gaining access to potentially valuable source code, the tech giant said Thursday.
The firm previously acknowledged that it had inadvertently downloaded a software patch used by Russian cyberspies as a potential “back door” into victims’ systems. But it was not known that the hackers had viewed the firm’s source code, or the crucial DNA of potentially valuable, proprietary software.
Microsoft, however, did not specify what type of source code was accessed.
“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” the firm said in a blog post.
The hackers did not have permission to modify any code or engineering systems, Microsoft said, adding “our investigation further confirmed no changes were made. These accounts were investigated and remediated.”
The Redmond, Wash.-based company said it has found no evidence of access to production services or customer data. It said its investigation also found no indications that its systems have been used to attack others.
However, some of its cloud customers have been hacked through a third-party partner that handles the firm’s cloud-access services, The Washington Post reported last week.
Microsoft has said it was the first to alert several U.S. government agencies in recent weeks to the fact they had been compromised.