According to Microsoft, it has not been able to rid itself of Russian government hackers.
Microsoft announced on Friday that they are continuing their efforts to remove the highly skilled Russian state hackers who illegally accessed the email accounts of top executives in November. The company also reported that these hackers have been attempting to infiltrate customer networks using stolen access information.
Russia's foreign intelligence service, the SVR, hacked into various source-code repositories and internal systems using data obtained during the intrusion. The software giant revealed this information in a blog and a regulatory filing in mid-January.
A spokesperson for the company declined to specify which source code was accessed or the extent of the hackers’ ability to compromise both customer and Microsoft systems. On Friday, Microsoft stated that the hackers obtained confidential information from email exchanges between the company and certain customers. This includes sensitive data such as passwords, certificates, and authentication keys. The company is currently reaching out to these customers to help them implement measures to minimize the impact of the breach.
On January 24, Hewlett Packard Enterprise, a cloud-computing company, revealed that it was also a target of the SVR hacking and had been notified of the breach two weeks prior. It did not disclose the source of the notification, but the timing coincided with the discovery by Microsoft that it had also been hacked.
Microsoft stated on Friday that the ongoing attack by the threat actor is showing signs of consistent and substantial investment of resources, coordination, and attention. They also noted that the acquired data might be used to gather information on potential targets, making the attacker more capable of executing future attacks. According to cybersecurity professionals, Microsoft’s acknowledgment that the SVR hack is not under control highlights the dangers of relying heavily on the Redmond company’s software monopoly, especially since many of its clients are interconnected through its global cloud platform.
Tom Kellermann from Contrast Security expressed concerns about the significant impact on national security. He explained that this breach allows the Russian government to exploit supply chain tactics to target Microsoft’s clientele.
The CEO of Tenable, Amit Yoran, also released a statement conveying both concern and disappointment. He is one of the security experts who believe that Microsoft is too guarded when it comes to disclosing vulnerabilities and responding to breaches.
Yoran expressed anger over the repeated occurrence of this situation. He believes that these breaches are not separate from one another and that Microsoft’s questionable security practices and misleading statements intentionally hide the entire reality.
The impact of the incident on Microsoft’s finances has not been determined yet. The company also noted that the persistence of the intrusion highlights an increasingly serious threat landscape, particularly from advanced nation-state attacks.
The group of hackers, identified as Cozy Bear, is responsible for the SolarWinds attack as well.
Microsoft first reported the hack and stated that the SVR unit had gained unauthorized access to the company’s corporate email system. They also disclosed that the accounts of various high-level executives and employees on their cybersecurity and legal teams were affected, though they did not reveal the exact number of compromised accounts.
Microsoft confirmed that on or around Jan. 13, they were successful in removing the hackers’ access to compromised accounts. However, it was apparent that the hackers had established a presence prior to that.
The source mentioned that the hackers were able to gain access by exploiting credentials on a “legacy” test account, but did not provide further details.
Three months after the implementation of a new rule from the U.S. Securities and Exchange Commission, Microsoft has released its most recent disclosure. This rule requires publicly traded companies to report any breaches that could have a detrimental effect on their business.
Source: wral.com