BOSTON (NEWSnet/AP) — Microsoft said Friday it’s still trying to evict Russian government hackers who accessed email accounts of senior company executives in November attempted to breach customer networks with stolen access data.

Hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, disclosed in January, to compromise source-code repositories and internal systems, Microsoft said in a regulatory filing.

Microsoft said the hackers stole “secrets” from email communication between the company and unspecified customers. It involved cryptographic secrets such as passwords, certificates and authentication keys.

The situation has tremendous national security implications, said Tom Kellermann of cybersecurity firm Contrast Security.

“The Russians can now leverage supply chain attacks against Microsoft’s customers.”

When Microsoft announced the hack, it said the SVR unit infiltrated its corporate email system and accessed accounts of some senior executives as well as employees on its cybersecurity and legal teams. It would not say how many accounts were compromised.

At the time, Microsoft said it was able to remove the hackers’ access from the compromised accounts on or about Jan. 13. By then, they clearly had a foothold.

It said hackers gained access by compromising credentials on a “legacy” test account.

Follow NEWSnet on Facebook and X platform to get our headlines in your social feeds.

Copyright 2024 NEWSnet and The Associated Press. All rights reserved.