Priya Patel
TLDR:
Microsoft is still trying to evict Russian hackers who breached the company’s systems in November. The hackers stole “secrets” from email communications and accessed source-code repositories and internal systems. Security experts warn of national security implications and criticize Microsoft’s handling of the breach.
Full Article:
Microsoft has been dealing with a breach by Russian hackers who infiltrated the email accounts of senior executives in November. The hackers, identified as the SVR foreign intelligence service, used stolen data to compromise source-code repositories and internal systems. Customer networks were also targeted using the stolen access data.
The hackers stole cryptographic secrets from email communications between Microsoft and its customers, such as passwords, certificates, and authentication keys. Microsoft is reaching out to customers affected by the breach to assist in implementing security measures.
Hewlett Packard Enterprise also fell victim to the SVR hacking, raising concerns about the heavy reliance on Microsoft’s software and global cloud network. Cybersecurity experts highlight the national security implications and warn of supply chain attacks against Microsoft’s customers.
Despite efforts to contain the breach, Microsoft admitted that the hackers’ attack has not been fully halted. The company’s handling of the breach and its lack of transparency regarding vulnerabilities have drawn criticism from security professionals. The incident reflects a global threat landscape of sophisticated nation-state cyberattacks.
The hackers, known as Cozy Bear, were also responsible for the SolarWinds breach. Microsoft initially removed the hackers’ access from compromised accounts in January but discovered that the hackers maintained a foothold. The breach highlights the vulnerabilities in Microsoft’s systems and the potential risks posed to its customers.
Microsoft’s disclosure of the breach comes in the wake of a new SEC rule requiring companies to disclose breaches that could impact their business. The ongoing threat from nation-state cyberattacks underscores the importance of robust cybersecurity measures and collective efforts to protect sensitive data.
