this post was submitted on 11 Mar 2024
232 points (98.3% liked)

Cybersecurity

5730 readers
124 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
 

Interesting view on this situation.

you are viewing a single comment's thread
view the rest of the comments
[–] autotldr@lemmings.world 22 points 8 months ago (1 children)

This is the best summary I could come up with:


Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.

The hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, which it disclosed in mid-January, to compromise some source-code repositories and internal systems, the software giant said in a blog and a regulatory filing.

A company spokesman would not characterize what source code was accessed and what capability the hackers gained to further compromise customer and Microsoft systems.

“The threat actor’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said Friday, adding that it could be using obtained data “to accumulate a picture of areas to attack and enhance its ability to do so.” Cybersecurity experts said Microsoft’s admission that the SVR hack had not been contained exposes the perils of the heavy reliance by government and business on the Redmond, Washington, company’s software monoculture — and the fact that so many of its customers are linked through its global cloud network.

When it initially announced the hack, Microsoft said the SVR unit broke into its corporate email system and accessed accounts of some senior executives as well as employees on its cybersecurity and legal teams.

Microsoft’s latest disclosure comes three months after a new U.S. Securities and Exchange Commission rule took effect that compels publicly traded companies to disclose breaches that could negatively impact their business.


The original article contains 539 words, the summary contains 255 words. Saved 53%. I'm a bot and I'm open source!

[–] kid@sh.itjust.works 4 points 8 months ago