Microsoft has confirmed ongoing attempts to remove elite Russian government hackers who infiltrated the email accounts of senior company executives in November. The hackers, affiliated with Russia's SVR foreign intelligence service, have been utilizing stolen access data to target customer networks. Microsoft revealed that the hackers leveraged data obtained in the intrusion to compromise source-code repositories and internal systems.
The company refrained from specifying the exact source code accessed or the extent of the hackers' capabilities to further compromise customer and Microsoft systems. It was disclosed that the hackers pilfered cryptographic secrets, such as passwords, certificates, and authentication keys, from email communications between Microsoft and undisclosed customers.
Hewlett Packard Enterprise also fell victim to SVR hacking, with the breach notification coinciding with Microsoft's discovery of the cyberattack. Microsoft emphasized the sustained commitment and resources allocated by the threat actors, suggesting a strategic approach to accumulating information for future attacks.
Cybersecurity experts highlighted the national security implications of the breach, cautioning against the risks associated with the widespread reliance on Microsoft's software ecosystem. The breach underscores the interconnected nature of Microsoft's global cloud network, potentially exposing customers to supply chain attacks orchestrated by the hackers.
Microsoft acknowledged the breach's impact on the global threat landscape, emphasizing the sophistication of nation-state cyberattacks. The hackers, identified as Cozy Bear, were previously linked to the SolarWinds breach, further underscoring the persistent threat posed by these actors.
While Microsoft managed to revoke the hackers' access to compromised accounts in mid-January, the incident raises concerns about the initial breach vector involving a 'legacy' test account. The company's disclosure aligns with the new SEC rule mandating public companies to report breaches that could materially affect their operations.
