Russian hackers breach key Microsoft systems

,CNN) — Russian-backed hackers gained access to some of Microsoft’s key software systems in a hack that first surfaced in January, the company said Friday, as it reported a more widespread and serious intrusion into Microsoft’s systems. What was known till now.

Microsoft believes hackers used information stolen from Microsoft’s corporate email system in recent weeks to access “some of the company’s source code repositories and internal systems,” the technology company told the United States Securities and Exchange Commission. said in a presentation before the commission.

Source code is coveted by corporations (and the spies who try to break it) because it contains the secret elements of a software program that make it work. Hackers with access to the source code can use it to carry out subsequent attacks on other systems.

Microsoft first disclosed the hack in January, days before another big tech company, Hewlett Packard Enterprise, said the same hackers had breached its cloud-based email system. The full scope and exact purpose of the hacking activity is unclear, but experts say the group responsible has a history of extensive intelligence-gathering operations in support of the Kremlin.

The hacking group was behind the infamous breach of email systems of several US agencies using software made by US contractor SolarWinds, which was disclosed in 2020. Hackers had access to unknown email accounts for months. classified information from the departments of Homeland Security and Justice, among other agencies, before the espionage operation was discovered.

US officials have identified the hacking group as being linked to Russia’s foreign intelligence service. Russia has denied its involvement in the operation.

In the years since the 2020 attacks, Russian hackers have continued to break into technology companies as part of their espionage campaigns, according to US officials and private experts. Based on the activity described Friday, hackers could use the information stolen from Microsoft to “build a picture of areas to attack and improve your ability to do so,” the company said in a blog post accompanying the filing. Said. SEC.

“To date, we have found no evidence that Microsoft-hosted customer support systems have been compromised,” Microsoft said.

This is a developing story and will be updated.