Microsoft is a critical partner for the U.S. government and is engaged in advanced AI research.
Microsoft announced on Friday that it continues to struggle against Russian cyberspies who gained high-level access to the company late last year.
In recent weeks, these hackers have accessed key company secrets, including digital vaults containing the source code for some of Microsoft’s programs, according to a blog post by the company.
Microsoft identified the hackers as members of a group widely linked to Russia’s SVR intelligence agency by the cybersecurity industry and U.S. and U.K. government agencies. The U.S. has previously attributed the SVR with the 2020 SolarWinds hacking campaign, one of the most extensive and successful cyberespionage operations against the U.S. government.
A spokesperson for Russia’s Ministry of Foreign Affairs did not immediately respond to a request for comment.
The extent of the stolen information remains unclear, and a Microsoft spokesperson declined to provide further details. However, this ongoing hacking campaign is particularly concerning because of Microsoft’s crucial role in U.S. federal government systems and its advanced artificial intelligence research.
Adam Meyers, senior vice president for counteradversary operations at CrowdStrike, noted the potential implications, stating, “What is significant here is that Microsoft holds a tremendous amount of data from the United States government and other governments, which could be exploited by Russian influence operations aimed at destabilizing their targets.”
“If you consider the Russian angle, their objective is to create division within NATO, the European Union, and the United States by fostering dissension, chaos, and confusion,” he stated.
In January, Microsoft announced it had uncovered an ongoing hacking campaign that started in November. The hackers used a basic technique called password spraying, which involves repeatedly trying different username and password combinations to break into an account with significant administrative authority.
The hackers quickly gained access to the email accounts of key Microsoft employees, including senior corporate leadership, legal teams, and those researching foreign cyberspies like the SVR, according to the company.
Since then, the situation has worsened. Microsoft reported that password spraying attempts increased tenfold from February to March, indicating that the hackers have used their initial findings to uncover other vulnerabilities in the company’s systems.
Eric Goldstein, a senior official at the U.S. Cybersecurity and Infrastructure Security Agency, said in an emailed statement that the agency “remains closely engaged with Microsoft to understand this intrusion campaign and provide all necessary assistance to impacted organizations, including Microsoft customers.”