Microsoft disclosed on Friday that Russian state-backed hackers were able to access some of the company's core software systems in a hack that was initially revealed in January. This intrusion into Microsoft's systems was more extensive and serious than previously thought.
According to a filing with the US Securities and Exchange Commission, Microsoft stated that the hackers have been using information stolen from the company's corporate email systems to gain access to "some of the company's source code repositories and internal systems" in recent weeks.
Corporations and spies are after source code because it holds the key components of a software program, allowing it to function. Those who have access to the source code can potentially launch further attacks on different systems.
In January, Microsoft disclosed a breach, followed by Hewlett Packard Enterprise reporting a similar breach on their cloud-based email systems. The extent and purpose of these hacking activities remain unclear, but experts believe the responsible group has a track record of conducting intelligence gathering campaigns in support of the Kremlin.
A hacking group was responsible for the well-known breach of multiple US agency email systems in 2020. They used software created by US contractor SolarWinds. The hackers were able to access unclassified email accounts at the departments of Homeland Security and Justice, as well as other agencies, for months before the spying activities were detected.
US officials have linked the hacking group to Russia's foreign intelligence service. However, Russia has denied any involvement in the operation.
In the years following the 2020 hack, Russian hackers have persistently targeted popular tech companies as part of their espionage efforts, as confirmed by US officials and private analysts. This ongoing activity was highlighted recently, with the hackers possibly using stolen information from Microsoft to plan and improve future attacks, as stated in a blog post released alongside an SEC filing by the company.
Microsoft reassured that, so far, there is no indication that any customer-facing systems hosted by the company have been breached.
This is a developing story. It will be updated.
Editor's P/S:
The recent revelation of Microsoft's extensive breach by Russian state-backed hackers raises serious concerns about the ongoing threat to critical infrastructure and corporate secrets. The fact that hackers have accessed Microsoft's core software systems, including source code repositories, underscores the sophistication and determination of these malicious actors. It highlights the need for heightened vigilance and robust cybersecurity measures across industries.
Furthermore, the connection between the hacking group responsible for this intrusion and Russia's foreign intelligence service raises geopolitical implications. The targeting of technology companies for espionage purposes suggests a coordinated effort by the Kremlin to gather sensitive information and potentially disrupt critical systems. It is imperative that governments and organizations collaborate to combat these threats and hold accountable those responsible for such malicious activities. invest in research and innovation to stay ahead of the evolving tactics of cybercriminals and protect critical infrastructure from potential disruption.