Russian Hackers Breach Microsoft Core Software Systems

On Friday, Microsoft announced that it is still attempting to remove the high-level Russian hackers from its systems. These hackers accessed the email accounts of top company leaders in November and have also been trying to infiltrate customer networks using stolen login information.

According to Microsoft’s blog and regulatory filing, the hackers from Russia’s SVR foreign intelligence service leveraged data they obtained from a recent intrusion (which was disclosed in mid-January) to infiltrate source-code repositories and internal systems belonging to the software company.

A company spokesperson has not revealed which source code was accessed or the extent of the hackers’ ability to compromise customer and Microsoft systems. On Friday, Microsoft announced that the hackers obtained “secrets” from email correspondence between the company and its clients, including important cryptographic information like passwords, certificates, and authentication keys. The company stated it would be contacting these clients to offer assistance in implementing measures to mitigate the impact.

On January 24, Hewlett Packard Enterprise, a company specializing in cloud computing, revealed that it had also fallen victim to hacking by the SVR. The company was notified of the security breach two weeks prior, but did not disclose the source of the information. This coincided with Microsoft’s discovery of its own hacking incident.

Microsoft stated on Friday that the ongoing attack by the threat actor displays a continuous and considerable dedication of their resources, as well as coordination and focus. It is possible that the threat actor is utilizing the acquired data to gather information on potential targets and strengthen their capabilities for future attacks.

Security professionals stated that Microsoft’s acknowledgement that the SVR breach has not been contained highlights the dangers of heavy government and corporate reliance on the singular software culture of the Redmond, Washington-based company. This vulnerability is intensified by the vast interconnectedness of its customers through its worldwide cloud network.

According to Tom Kellermann from Contrast Security, this situation carries significant consequences for national security. Russian hackers are now able to exploit supply chain vulnerabilities to target Microsoft’s clients.

A statement was also released by Amit Yoran, the CEO of Tenable, conveying his concern and disappointment. He, along with other security experts, believes that Microsoft is excessively guarded when it comes to disclosing vulnerabilities and managing cyber attacks.

“We should all be furious that this keeps happening,” Yoran said. “These breaches aren’t isolated from each other, and Microsoft’s shady security practices and misleading statements purposely obfuscate the whole truth.”

Microsoft stated that it has not yet determined the potential impact on its financial status due to the incident. They also acknowledged that the persistent nature of the intrusion highlights an increasingly concerning trend of advanced nation-state attacks within the global threat landscape.

The hackers, also known as Cozy Bear, are the group responsible for the SolarWinds attack.

Upon initially disclosing the hack, Microsoft stated that the SVR unit had breached their corporate email platform and gained entry to accounts belonging to senior executives and personnel on their cybersecurity and legal teams. The magnitude of compromised accounts was not disclosed.

In January, Microsoft stated that they were able to eliminate the hackers’ access to the compromised accounts. However, it was evident that the hackers still had a presence at that time.

The report mentioned that they gained access through manipulating login information on an outdated testing account, but did not provide further details.

Microsoft recently released information about a security breach, in accordance with a new rule from the U.S. Securities and Exchange Commission. This rule requires public companies to disclose any breaches that could have a detrimental impact on their business.

Source: voanews.com