Microsoft Says It Hasn’t Been Able To Shake Russian State Hackers
BOSTON — Microsoft said Friday that it is still working to evict the elite Russian government hackers who broke into senior business officials’ email accounts in November and are attempting to enter consumer networks using stolen access data.
According to the software giant’s blog and regulatory filing, the hackers from Russia’s SVR foreign intelligence service used data gained during the intrusion, which was exposed in mid-January, to compromise some source-code repositories and internal systems.
A corporate official declined to specify the source code and capabilities the hackers gained to further attack customers and systems. Microsoft claimed Friday that hackers obtained “secrets” from email contacts between the business and certain customers, including cryptographic secrets like passwords, certificates, and authentication keys, and that it was contacting them “to assist in mitigating measures.”
Hewlett Packard Enterprise, a cloud computing business, revealed on January 24 that it was also an SVR hacking victim and had been notified of the breach — by whom it would not say — two weeks earlier, coinciding with the revelation that it had been compromised.
“The threat actor’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” the company said Friday, adding that it may be utilizing acquired data “to accumulate a picture of areas to attack and enhance its ability to do so.”
According to cybersecurity experts, Microsoft’s admission that the SVR hack had not been contained highlights the risks of government and business relying heavily on the Redmond, Washington-based company’s software monoculture — and the fact that so many of its customers are linked via its global cloud network.
“This has tremendous national security implications,” said Tom Kellermann of the cybersecurity firm Contrast Security. “The Russians can now leverage supply chain attacks against Microsoft’s customers.”
Tenable’s CEO, Amit Yoran, also published a statement expressing shock and dismay. He is among security pros who believe Microsoft is extremely secretive about its vulnerabilities and how it handles intrusions.
“We should all be furious that this keeps happening,” he continued. “These breaches aren’t isolated from each other and Microsoft’s shady security practices and misleading statements purposely obfuscate the whole truth.”
Microsoft said it has yet to establish if the incident will have a material impact on its profitability. It also stated that the intrusion’s persistence “reflects what has become a more broadly unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.”
The hackers, known as Cozy Bear, are the same ones responsible for the SolarWinds breach.
When Microsoft first reported the intrusion, it stated that the SVR unit got into its corporate email system and accessed the accounts of certain senior executives and staff from its cybersecurity and legal departments. It did not specify how many accounts were compromised.
At the time, Microsoft stated that it could terminate the hackers’ access to the compromised accounts on or around January 13. But by then, they had certainly established a footing.
It said they gained access by compromising credentials on a “legacy” test account but did not elaborate.
Microsoft’s newest disclosure comes three months after a new Securities and Exchange Commission rule went into effect, requiring publicly traded corporations to disclose breaches that potentially harm their businesses.
SOURCE – (AP)