Microsoft warns Russian hackers have expanded their attacks
The group’s “attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft wrote on its security blog. “This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.”
Microsoft said it was reviewing emails that had been stolen from executives and its security staff, and warning customers whose secrets might have been revealed in that correspondence. It declined to say how many customers it had alerted, or to rule out whether the hackers had stolen source code or remained inside the company. Hewlett-Packard Enterprise, which provides cloud services to major companies, also said last month that it had been hacked.
The campaign’s success to date has shocked intelligence officials on multiple continents, who’ve privately warned dozens more victims. They’ve issued warnings to users of cloud services, including Microsoft’s Office programs and Outlook email, with detailed recommendations about how to harden their installations.
On Thursday, the U.S. National Security Agency and Department of Homeland Security recommended that customers evaluate the security record of their vendors, audit the logs of activity on their accounts and limit the authority of users.
Though Amazon and Alphabet’s Google are major sellers of cloud services, neither has announced increased attacks or has as many sensitive government agencies as clients as Microsoft. Both declined to comment. (Amazon founder Jeff Bezos owns The Washington Post.)
Microsoft attributed the ongoing attacks to an SVR group that it calls Midnight Blizzard and that other security companies refer to as APT29 or Cozy Bear. It is the same group that hacked the…