Microsoft Has a Russian Hacker Problem

You read that right: Microsoft can’t seem to shake its Russian hackers. The company said Friday it was still attempting to remove the “elite” Russian government hackers that breached the email accounts of senior executives back in November. Worse yet, Microsoft says these same hackers are trying to break into customer networks with stolen access data.

The Russian hackers, a group known as Cozy Bear, were able to utilize data it stole during its November exploits to compromise source-code repositories and internal systems. If that name sounds familiar, it’s because it’s the same group behind the SolarWinds breach back in 2020. Microsoft wouldn’t disclose what source code in particular the hackers were able to review, nor would the company say what other abilities the hackers had to breach the systems of customer and Microsoft itself.

However, the company did say hackers stole “secrets” from customers and employees alike. These secrets range from passwords, to certificates, as well as authentication keys. Microsoft is contacting affected users directly—whether customers or employees—to “assist in taking mitigation measures.” Hopefully, that means protecting user data and accounts.

Microsoft is not mincing words in this breach: It knows the situation is not good. The company said in a statement that the effort was focused with resourceful hackers, and that the bad actors could use the information they stole to formulate a plan of attack for other areas of Microsoft’s networks, as well as improve its ability to effectively strike. Remember: These hackers have been in Microsoft’s systems since November, which shows how even one of the world’s leading technology companies isn’t too big to be intelligently attacked.

It’s not just Microsoft affected by these hackers, either. Hewlett Packard Enterprise was also targeted by the same group, and was told about the breach just two weeks earlier.