Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Microsoft Security

Microsoft Says Russian Hackers Stole Source Code After Spying On Its Executives (theverge.com) 29

Microsoft revealed earlier this year that Russian state-sponsored hackers had been spying on the email accounts of some members of its senior leadership team. Now, Microsoft is disclosing that the attack, from the same group behind the SolarWinds attack, has also led to some source code being stolen in what Microsoft describes as an ongoing attack. From a report: "In recent weeks, we have seen evidence that Midnight Blizzard [Nobelium] is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access," explains Microsoft in a blog post. "This has included access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised."

It's not clear what source code was accessed, but Microsoft warns that the Nobelium group, or "Midnight Blizzard," as Microsoft refers to them, is now attempting to use "secrets of different types it has found" to try to further breach the software giant and potentially its customers. "Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures," says Microsoft.

This discussion has been archived. No new comments can be posted.

Microsoft Says Russian Hackers Stole Source Code After Spying On Its Executives

Comments Filter:
  • WINNING! (Score:4, Funny)

    by Anonymous Coward on Friday March 08, 2024 @11:14AM (#64300119)

    Vote for Trump in 2024 and we will be sending troops over to our comrades in Russia to help them check Ukraine's aggression. #trump2024

  • We know there's not enough money on Earth to pay for the treatment of the psychological damage to the brain after having to review and sort the Windows source code...

    • by Tablizer ( 95088 )

      In Soviet Russia, Microsoft Windows executes you.

      Maybe it's a plot by the CIA to gum up Russia's systems by tricking them into adding MS source code. Excellent plan!

  • Why do executives need access to the source code?

    • Re:Least Priviledge (Score:5, Informative)

      by quonset ( 4839537 ) on Friday March 08, 2024 @11:43AM (#64300217)

      Why do executives need access to the source code?

      2 answers:

      1) Because they're executives

      2) They don't, but by gaining access to their accounts the hackers were able to further infiltrate the network and bypass security because these people were on the inside.

    • by zlives ( 2009072 )

      i am more interested in what "exfiltrated from our corporate email systems" means
      i mean no advertising for o365 is bad advertising... right?

    • by gweihir ( 88907 )

      Because Microsoft is run by idiots and all non-idiot engineers have left a long time ago.

  • Source code wants to be open, Russia was just liberating the code
  • ...stop clicking on popups.

    • They are chocking on the dog food over there. There is Exchange Online Protection, there is Defender for Office365, there is Windows Defender, there is Information Rights Management, there is Data Loss Prevention, and then there are humans. They can add more shitty software but humans will still do the wrong thing.

  • Why do executives have access to the code? Isn't that a basic control issue? Isn't that the sort of business best practice you'd expect from MS?

    • by gweihir ( 88907 )

      Indeed. If you are a closed-source shop (which is pretty stupid these days already), then sources are need-to-know. Obviously MicroShit does not even understand that basic principle or is incapable of applying it.

      • by gweihir ( 88907 )

        In particular, because on MS crapware, it is _very_ easy to do the wrong thing. They should have used real software, not toys that pretend to be business software.

  • by packrat0x ( 798359 ) on Friday March 08, 2024 @01:00PM (#64300481)

    Maybe Russia wanted to
    A) permanently disable Microsoft Telemetry
    B) fix bugs important to Russian users
    C) create a better schedule for updates
    D) install updates without rebooting

    • by bn-7bc ( 909819 )
      B made me think what bugs might be more important to russian users that others (thus not getting enough priority from ms because the receive more complaints about other bugs? First i thought anything retreated to Cyrillic text, but doesn't that boil down to Unicode issues that probably will affect others as well? -- oh you mean the supposed CIA backdoors camouflaged as bugs, so hvat the FSB (frmr KGB) cares about, got you
  • by gweihir ( 88907 ) on Friday March 08, 2024 @02:32PM (#64300839)

    ... is a complete idiot at this time. Catastrophic Azure compromises, still incapable of doing reliable updates, malware still unsolved, cannot even keep their (doubtlessly full of security problems) sources secure. This is a company with a ton of money and absolutely no clue how to make good products.

  • by nehumanuscrede ( 624750 ) on Friday March 08, 2024 @03:08PM (#64300979)

    If anyone is stealing source code from Microsoft it's likely for the purposes of how NOT to build an operating system.

  • Well I've got a whole box of Russian vacuum tubes in my workshop.

  • If it's not clear what source code accessed, how do they know that source code was accessed? It seems like they're in the dark, fucking clueless.

  • is how we're expected to believe that Russia discovered a zero-day that our own intelligence agencies were not also aware of. But just like with Sony blaming North Korea for leaking The Interview, it's always easier to blame a foreign power for everything than your own (ex) employees.
  • Why do execs (with the possible exception on pres and vp of development) have access to source code repos, do they really need it to do their job? If they have it and don't need it, why don't the claimers or the cafeteria employees have it? For a securely policy to work, at least somewhat effectively, it has to apply to everyone regardless of rank/job title hence my somevat constructed example with cafeteria workers and kleaners (and yea I know these functions are probably outsourced so they are probably no

You are always doing something marginal when the boss drops by your desk.

Working...