We reported last week that Microsoft’s investigation of the Solarwinds hack discovered that hackers appear to have compromised some of their internal accounts and had viewed some Microsoft source code.
Now a hacker is offering to sell access to the Windows 10 source code for $600,000.
The news was reported by security researcher Jake Williams from Rendition Infosec, and he warns the hackers, who appear to be well-known Russian group Shadow Brokers, may simply be trying to confuse the issue, and not to take the offer at face value.
There's no meat on this bone until more is released. The only takeaways are:
1. We've seen Russian threat actors use this type of misdirection before to muddy attribution
2. You shouldn't fall for it
That's it. That's the whole story. 2/2
— Jake Williams (@MalwareJake) January 12, 2021
Microsoft confirmed hackers were able to view, but not alter the source code for some products but says there is no evidence that this activity placed the security of Microsoft’s services or any customer data at risk.
Microsoft says viewing source code does not increase risk, as the company does not rely on the secrecy of source code for the security of products.