Rising Tide of Cyber Espionage: Microsoft and HPE Reveal Russian Intelligence Hacks, More Companies Expected to Follow
Recent disclosures by Microsoft and Hewlett-Packard Enterprise in their SEC filings have shed light on a series of email hacks attributed to Russian intelligence agencies, with security experts anticipating more companies to come forward with similar admissions.
Microsoft announced late Thursday that it had identified additional victims of these cyberattacks and was in the process of notifying them. While the company did not disclose the number of affected entities, experts familiar with the matter suggest that the impact of these hacks is more extensive than currently known. According to these sources, who preferred anonymity to preserve relationships with the affected companies, over 10 companies, possibly many more, are expected to disclose similar breaches.
The increase in these disclosures is partly due to strengthened rules by the Securities and Exchange Commission (SEC), which now require companies to inform shareholders about computer intrusions that could materially impact their operations. These rules have encouraged more companies to come forward about such incidents.
Microsoft and HPE, along with security experts, have indicated that the breaches were orchestrated by Russia’s SVR foreign intelligence service, which had infiltrated these companies for months. The exact methods used by the SVR, known as Midnight Blizzard by Microsoft and also referred to as Cozy Bear, remain unclear. However, Microsoft revealed that the agency gained access to its network by persistently trying the same password on various test accounts until successful.
What distinguishes the SVR’s approach, according to Aric Ward, a former White House threat analyst, is their blend of discretion, patience, and persistence, setting them apart from other state-sponsored cyberthreat actors. Their low-profile tactics make their activities elusive and challenging to detect.
The intrusions into Microsoft and HPE are particularly concerning due to the reliance of numerous other companies and agencies on their cloud services, including email. There is ongoing uncertainty about whether the hackers leveraged their access to Microsoft’s systems to target other companies.
Eric Goldstein, a top cybersecurity official at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, stated that the agency is actively seeking more information about the attack and its potential ramifications. Microsoft’s recent updates suggest that the SVR might have been sifting through emails of its cybersecurity experts to gain insights about the organization, possibly due to Microsoft’s support for Ukraine amid cyberattacks following the invasion two years ago.
George Barnes, a recently retired deputy director of the National Security Agency, commented on the situation, noting Microsoft’s significant role globally and its support for Ukraine, making it a prime target for such cyber espionage activities.
This ongoing situation highlights the ever-evolving landscape of cybersecurity threats and the need for vigilant security measures across industries, particularly against sophisticated state-sponsored cyberattacks.