Microsoft struggling to fight off Russian cyberspies

Microsoft is still struggling to keep out the Russian cyberspies that gained high-level access to the company late last year, the company announced Friday.

Those hackers have in recent weeks gained access to some key company secrets, including digital vaults where the company keeps source code for some of its programs, the company said in a blog post.

Microsoft said the hackers are members of a group that the cybersecurity industry and U.S. and U.K. government agencies widely associate with Russia’s SVR intelligence agency, which is roughly analogous to the U.S. National Security Agency. The U.S. has said the SVR was responsible for the SolarWinds hacking campaign of 2020, one of the most expansive and successful cyberespionage campaigns against the U.S. government discovered to date.

A spokesperson for Russia’s Ministry of Foreign Affairs didn’t immediately respond to a request for comment.

The extent of valuable information that the hackers took is unclear, and a Microsoft spokesperson declined to share more information. But the ongoing hacking campaign is particularly noteworthy because Microsoft plays a crucial role in U.S. federal government systems and the company’s artificial intelligence research is some of the most advanced in the world.

Adam Meyers, the senior vice president for counteradversary operations at the cybersecurity company CrowdStrike, said that the type of valuable government information that Microsoft holds could be ripe for Russian influence operations aimed at destabilizing the country’s targets.

“What is significant here is that Microsoft has a tremendous amount of data of the United States government and other governments,” Meyers said. 

“If you think about the Russia angle, their goal is to try to drive a wedge in NATO, members of the European Union, in the United States to try and cause dissension and chaos and confusion,” he said.

Microsoft announced in January that it had discovered an ongoing hacking campaign that began in November. To gain access, the hackers relied on a crude technique, known as password spraying, of repeatedly trying username and password combinations in order to break into an account that had significant administrative authority.

The hackers were able to quickly gain access to the email accounts of some key Microsoft employees, including senior corporate leadership, legal teams and those who researched foreign cyberspies like the SVR, the company said at the time.

Since then, the problem has only grown more severe, the company said. Password spraying increased tenfold from February to March, Microsoft said, and it appears that the hackers have been able to use what they initially learned to discover other weaknesses in the company’s systems.

In an emailed statement, a senior official at the U.S. Cybersecurity and Infrastructure Security Agency, Eric Goldstein, said the agency “remains closely engaged with Microsoft to understand this intrusion campaign and provide all necessary assistance to impacted organizations, including Microsoft customers.”