Microsoft continues its efforts to expel elite Russian government hackers who infiltrated the email accounts of senior executives in November. These hackers, associated with Russia’s SVR foreign intelligence service, utilized data obtained during the breach to compromise source-code repositories and internal systems. The breach’s extent prompted Microsoft to reveal that “secrets” were stolen from email communications with unspecified customers, including cryptographic information like passwords and authentication keys.
The cloud-computing company Hewlett Packard Enterprise also disclosed being an SVR hacking victim, correlating with Microsoft’s discovery of its own breach. Microsoft acknowledges that the attack persists, with the threat actors demonstrating a sustained commitment, coordination, and focus. The company warns that the hackers may leverage the obtained data to enhance their ability to target specific areas. Cybersecurity experts express concerns over the national security implications, emphasizing the risks associated with the widespread reliance on Microsoft’s software monoculture and global cloud network.
The hackers, identified as Cozy Bear, were previously linked to the SolarWinds breach. Microsoft initially stated that it had removed the hackers’ access from compromised accounts by January 13, but subsequent developments revealed a persistent foothold. The company remains cautious about the incident’s financial impact and highlights the unprecedented global threat landscape, particularly in terms of sophisticated nation-state attacks. Microsoft’s disclosure aligns with a new U.S. Securities and Exchange Commission rule, in effect for three months, requiring publicly traded companies to disclose breaches with potential negative impacts on their business.