Microsoft said on Thursday that the long-range Russian cyber attack against U.S. government agencies and private corporations went further on its network than the company had previously revealed.
Although hackers, suspected of working for the Russian intelligence agency SVR, did not appear to be using Microsoft systems to attack other victims, they were able to view some Microsoft source code hacking into an employee’s account, the company said.
Microsoft had previously said it was not breached in the attack, which compromised dozens of federal agencies as well as corporations. Microsoft said its subsequent investigation revealed that the hackers were unable to access email or its products and services, and that they were unable to modify the source code they viewed.
The Russian attack, which may be underway, appears to have started in October 2019. That’s when hackers first breached a Texas company called SolarWinds, which provides network monitoring services to government agencies and 425 Fortune 500 companies. The Departments of Commerce, Treasury, State and Energy were breached in the attack, as was FireEye, one of the top cyber security companies that revealed the breach for the first time this month.
Investigators are still trying to understand what the hackers stole, but investigations by FireEye, Microsoft, Amazon and other companies have revealed that the attack may have a much larger scope than originally believed. Last week, CrowdStrike, a FireEye competitor, announced that he had also been unsuccessfully targeted by the same attackers. In this case, the hackers used Microsoft resellers, companies that sell software on behalf of Microsoft, to try to access their systems.
The Department of Homeland Security confirmed that SolarWinds was one of several avenues that the Russians used to attack American agencies, technology companies and cybersecurity.
President-elect Joseph R. Biden Jr. accused President Trump of minimizing the hack. Mr Trump called the attack in particular “farce”. Publicly, he suggested that China, not Russia, may have been to blame – a finding that was contested by Secretary of State Mike Pompeo.
This is a developing story and will be updated.