Microsoft recently announced that its Windows source code had been viewed by the Solarwinds attackers. (Normally, only key government customers and trusted partners would have this level of access to the “stuff” of which Windows is made.) The attackers were able to read – but not change – the software secret sauce, raising questions and concerns among Microsoft customers. Did it mean, perhaps, that attackers could inject backdoor processes into Microsoft’s updating processes
First, a bit of background on the Solarwinds attack, also called Solorigate: An attacker got into a remote management/monitoring tool company and was able to inject itself into the development process and build a backdoor. When the software was updated through the normal updating processes set up by Solarwinds, the backdoored software was deployed into customer systems — including numerous US government agencies. The attacker was then able to silently spy on several activities across these customers.