Microsoft said on Thursday that the far-reaching Russian hack of American government agencies and private corporations went further into its network than the company had previously understood.
Although the hackers, suspected of working for Russia’s SVR intelligence agency, did not use Microsoft’s systems to attack other victims, they were able to view Microsoft source code through an employee account, the company said.
Microsoft said that the hackers were unable to access email or its products and services, and were not able to modify the source code they viewed. It did not reveal how long the hackers were inside its network or which products’ source code was viewed. Microsoft had initially said that it had not been breached in the attack.
“Our investigation into our own environment has yielded no evidence of access to production services or customer data,” the company said in a blog post. “The investigation, which is ongoing, also has not received any indication that our system was used to attack others.”
The hack, which may still be active, appears to have started as far back as October 2019. That was when hackers breached SolarWinds, a Texas company that provides technology monitoring services to 425 government agencies and Fortune 500 companies. The compromised software was then used to enter the Commerce, Treasury, State and Energy Departments, along with FireEye, a top cybersecurity firm that first revealed the breach this month.
Investigators are still trying to understand what the hackers stole, and the ongoing investigation suggests the attack is more widespread than initially believed. Last week, CrowdStrike, a FireEye competitor, announced that it, too, had been targeted, unsuccessfully, by the same attackers. In that case, the hackers used Microsoft resellers, companies that sell software on behalf of Microsoft, to try to gain access to its systems.
The Department of Homeland Security has confirmed that SolarWinds was only one of several routes the Russians used to attack American agencies and technology and cybersecurity companies.
President Trump has publicly suggested that Russia, and not China, could also be behind the hack – a claim that was disputed by Secretary of State Mike Pompeo and other senior members of the administration. Mr. Trump has privately called the attack a “hoax.”
President-elect Joseph R. Biden Jr. has accused Mr. Trump of playing down the hack, and has stated that his administration would not be able to trust the software and networks that federal agencies rely on to conduct business.
Ron Klain, Mr. Biden’s chief of staff, has said the administration is planning a response that goes beyond sanctions.
“Those who are responsible are going to suffer the consequences for this,” Mr. Klain told CBS last week. “It’s not just a ban. It is these steps and things that we can do to reduce the ability of foreign actors to repeat such an attack or, even worse, engage in even more dangerous attacks.”
Security experts said that the scope of the hack was not yet fully known. SolarWinds has said that its compromised software made its way into 18,000 of its customers’ networks. While SolarWinds, Microsoft and FireEye have stated that they believe the number of actual victims may be limited to dozens, the continuing investigation suggests the number may be much larger.
“The hack is much worse and more influential than it is today,” said Dmitri Alperovitch, chair of the Silverado Policy Accelerator and former chief technology officer at CrowdStrike. “We should handle ourselves for many more shoes in the coming months.”
U.S. officials are still trying to understand whether the hack was traditional espionage, of the kind the National Security Agency conducts against foreign networks, or whether the Russians planted so-called back doors in the systems of government agencies, major corporations, the electric grid and U.S. nuclear weapons laboratories for use in attacks.
Officials believe the hack was limited to unclassified systems, but there are concerns about sensitive unclassified data that the hackers may have found.
Microsoft said on Thursday that its investigation revealed unusual activity from a small number of employee accounts. It then determined that one had been used “to view multiple source code repositories.”
The company said in its blog post, “No code or engineering systems were allowed to be modified on the account, and our investigation confirmed no changes.”
Unlike many technology companies, Microsoft does not rely on the confidentiality of its source code to protect its products. Employees can easily view the source code, and its risk model assumes attackers already have access to it, suggesting that the fallout from the breach may be limited.
Some government officials have been disappointed that Microsoft, which has perhaps the widest window into global cyber activity of any private company, did not detect the hack and alert the government to it earlier. Federal agencies and intelligence services learned of the SolarWinds breach from FireEye.
Microsoft’s president, Brad Smith, has said that the hack reflects the government’s failure to share threat intelligence between agencies and the private sector. In a December interview, he called the hack a “moment of ephemera.”
“How will our government react to this?” Mr. Smith asked. “The nation seems to have lost the lessons learned from 9/11. Twenty years after something terrible happens, people forget what they must do to succeed.”