Microsoft said on Friday it was still working to oust elite Russian government hackers who broke into the email accounts of senior company executives in November and said the hackers had been trying to compromise customer networks with stolen access data.
Hackers from Russia’s SVR foreign intelligence agency used data obtained from a breach disclosed by Microsoft in mid-January to compromise some source code repositories and internal systems, the software giant said in blogs and regulatory filings.
A company spokesman would not disclose what source code was accessed or what capabilities the hackers gained to further compromise customers and Microsoft systems. Microsoft said on Friday that hackers stole “secrets” – encryption secrets such as passwords, certificates and authentication keys – from email communications between the company and unspecified customers and that it was contacting them “to assist Take mitigating measures.”
Cloud computing company Hewlett Packard Enterprise disclosed on January 24 that it was also a victim of the SVR hack and had been informed of the breach two weeks earlier (but did not disclose who was notified), and Microsoft discovered It was hacked at the same time.
Microsoft said on Friday that “sustained attacks by threat actors are characterized by a sustained and significant investment of threat actor resources, coordination and focus,” adding that it can use the data it obtains to “accumulate the situation in the attack area and enhance its ability” to do so.
Cybersecurity experts say Microsoft’s admission that the SVR hack went unchecked exposes the dangers of a monoculture of governments and businesses relying heavily on the Redmond, Wash., company’s software, with so many customers passing through its global cloud network facts that are linked together.
“This has huge national security implications,” said Tom Kellermann of cybersecurity firm Contrast Security. “The Russians can now use the supply chain to attack Microsoft customers.”
Tenable CEO Amit Yoran also issued a statement expressing shock and dismay. He is among security professionals who find Microsoft too secretive about its vulnerabilities and its handling of hacks.
“We should all be outraged that this keeps happening,” Yoland said. “These breaches are not isolated from each other, and Microsoft’s improper security practices and misleading statements intentionally obscure the entire facts.”
Microsoft said it has not yet determined whether the incident may have a significant impact on its finances. It also said the persistence of the intrusion “reflects the broader unprecedented global threat landscape, particularly with regard to sophisticated nation-state attacks.”
The hackers, named Cozy Bear, are the same team of hackers behind the SolarWinds vulnerability.
When Microsoft initially announced the hack, it said the SVR unit broke into its corporate email system and accessed the accounts of some senior executives and employees on its cybersecurity and legal teams. It did not disclose how many accounts were compromised.
At the time, Microsoft said it was able to remove the hackers’ access from the compromised accounts around January 13. But by then, they had clearly found their footing.
The company said they gained entry by leaking the credentials of an “older” test account, but never elaborated.
Microsoft’s latest disclosure comes three months after a new SEC rule took effect forcing public companies to disclose violations that could negatively impact their business.
Follow us on Google news ,Twitter , and Join Whatsapp Group of thelocalreport.in
