Nicole Perlroth: Microsoft said Thursday that the far-reaching Russian hack of US government agencies and private corporations went further into its network than the company had previously understood.
While the hackers, suspected to be working for Russia’s SVR intelligence agency, did not appear to use Microsoft’s systems to attack other victims, they were able to view Microsoft source code by accessing an employee account, the company said.
Microsoft said the hackers were unable to access emails or its products and services, and that they were not able to modify the source code they viewed. It did not say how long hackers were inside its networks or which products’ source code had been viewed. Microsoft had initially said it was not breached in the attack.
“Our investigation into our own environment has found no evidence of access to production services or customer data,” the company said in a blog post. “The investigation, which is ongoing, has also found no indications that our systems were used to attack others.”
The hack, which may be ongoing, appears to have begun as far back as October 2019. That was when hackers first breached the Texas company SolarWinds, which provides technology monitoring services to government agencies and 425 of the Fortune 500 companies. The compromised software was then used to penetrate the Commerce, Treasury, State and Energy Departments, along with FireEye, a top cybersecurity firm that first revealed the breach this month.
Investigators are still trying to understand what the hackers stole, and ongoing investigations suggest the attack is more widespread than initially believed. In the past week, CrowdStrike, a FireEye competitor, announced that it too had been targeted, unsuccessfully, by the same attackers. In that case, the hackers used Microsoft resellers, companies that sell software on Microsoft’s behalf, to try to access it systems.
The Department of Homeland Security has confirmed that SolarWinds was only one of several avenues that the Russians used to attack US agencies, technology and cybersecurity companies.
President Donald Trump has publicly suggested that China, not Russia, may have been the culprit behind the hack — a finding that was disputed by Secretary of State Mike Pompeo and other senior members of the administration. Trump has also privately called the attack a “hoax.” © 2020 The New York Times