Microsoft stated that it has yet to ascertain the financial impact of the incident but acknowledged the unprecedented global threat landscape
Microsoft disclosed on Friday that it is still working to expel Russian government hackers who infiltrated the email accounts of high-ranking company officials back in November. These elite hackers, allegedly affiliated with Russia’s SVR foreign intelligence service, have been persistently attempting to breach customer networks using pilfered access data, according to Microsoft’s recent blog post and regulatory filing.
The breach, which Microsoft initially revealed in mid-January, allowed the hackers to infiltrate certain source-code repositories and internal systems. While Microsoft refrained from specifying the exact source code accessed or the extent of the hackers’ capabilities, it acknowledged that the compromised data included confidential email communications containing cryptographic secrets like passwords, certificates, and authentication keys. Consequently, Microsoft is actively engaging with affected customers to aid in implementing necessary security measures.
This disclosure comes amidst revelations from cloud-computing giant Hewlett Packard Enterprise (HPE), which disclosed on January 24 that it, too, fell victim to the SVR hacking campaign. HPE acknowledged being notified of the breach two weeks prior, coinciding with Microsoft’s own discovery of the intrusion.
Microsoft underscored the ongoing threat posed by the SVR hackers, characterising their attack as a sustained and resource-intensive effort aimed at potentially identifying and exploiting vulnerabilities across various systems. Security experts have voiced concerns over the implications of Microsoft’s software monoculture and its extensive global cloud network, emphasising the exposure to supply chain attacks that this creates.
Amit Yoran, CEO of Tenable, echoed these sentiments, expressing frustration over Microsoft’s perceived lack of transparency regarding vulnerabilities and breach response. He highlighted the interconnected nature of cybersecurity breaches and criticised Microsoft’s handling of the situation as opaque and potentially misleading.
Microsoft stated that it has yet to ascertain the financial impact of the incident but acknowledged the unprecedented global threat landscape, particularly concerning sophisticated nation-state attacks. The SVR hackers, also known as Cozy Bear, were previously implicated in the SolarWinds breach.
Initially, Microsoft revealed that the hackers gained access to its corporate email system, compromising accounts belonging to senior executives, as well as employees from cybersecurity and legal departments. However, the company declined to specify the exact number of compromised accounts or elaborate on the method used by the hackers to gain entry.
While Microsoft claims to have revoked the hackers’ access to compromised accounts by January 13, the persistence of the intrusion underscores the challenges in fully containing and mitigating such sophisticated cyber threats.

