The hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, which it disclosed in mid-January, to compromise some source-code repositories and internal systems, the software giant said.
The data breach has serious security implications. Pic/Getty Images
Microsoft said it is still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data. The hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, which it disclosed in mid-January, to compromise some source-code repositories and internal systems, the software giant said.
ADVERTISEMENT
A company spokesman would not characterise what source code was accessed and what capability the hackers gained to further compromise customer and Microsoft systems. Microsoft said Friday that the hackers stole “secrets” from email communications between the company and unspecified customers—cryptographic secrets such as passwords, certificates and authentication keys—and that it was reaching out to them “to assist in taking mitigating measures.” “This has tremendous national security implications,” said Tom Kellermann of the cybersecurity firm Contrast Security. “The Russians can now leverage supply chain attacks against Microsoft’s customers.”
Microsoft said it had not yet determined whether the incident is likely to materially impact its finances. It also said the intrusion’s stubbornness “reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.” The hackers, known as Cozy Bear, are the same hacking team behind the SolarWinds breach.
This story has been sourced from a third party syndicated feed, agencies. Mid-day accepts no responsibility or liability for its dependability, trustworthiness, reliability and data of the text. Mid-day management/mid-day.com reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever