Microsoft has revealed that it is still working to expel Russian hackers who breached the email accounts of senior executives at the company since last November, attempting to infiltrate customer networks with stolen access data. The tech giant stated in a blog post that hackers from the Russian Foreign Intelligence Service (SVR) used information obtained during the breach, which was disclosed in mid-January, to compromise some internal systems.
While the company spokesperson did not specify which source code was accessed or what capabilities the intruders gained to further penetrate customer systems and Microsoft’s systems, they noted that the hackers stole "secrets" from email communications between the company and unspecified clients, such as passwords and coding scripts, indicating they were in contact with them "to help implement mitigation measures."
Microsoft pointed out that the attack features a sustained and significant commitment of resources, coordination, and focus, adding that the data obtained could be used "to build a picture of areas to be attacked and enhance their capabilities."
Cybersecurity experts stated that Microsoft’s acknowledgment that the breach had not been contained highlights the risks associated with the government and businesses’ heavy reliance on the company's single software culture and the fact that many of its clients are interconnected through its global cloud network.
Tom Kellermann from Contrast Security emphasized that "this has enormous implications for national security," noting that "the Russians can now leverage supply chain attacks against Microsoft clients."
It is worth mentioning that the company's security team discovered the latest attack on January 12, which led to the deployment of defenses that prevented hackers from accessing more accounts. The attack began last November when the intruders attempted to use a password on a series of accounts and managed to access an old test account. From this "pivot point," the hackers accessed specific accounts of Microsoft employees, including those of managers and security team members, and obtained emails and attached materials.
This recent disclosure from Microsoft comes three months after a new rule from the US Securities and Exchange Commission took effect, requiring publicly traded companies to disclose violations that could adversely affect their business.
