Microsoft says it hasn't been able to shake Russian state hackers

abcnews.go.com:

Microsoft says it is still trying to evict the elite Russian government hackers who broke into the email of senior company executives in November and have since been trying to breach customer networks with stolen access data

BOSTON — Microsoft said Friday it's still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.

The hackers from Russia's SVR foreign intelligence service used data obtained in the intrusion, which it disclosed in mid-January, to compromise some source-code repositories and internal systems, the software giant said in a blog and a regulatory filing.

A company spokesman would not characterize what source code was accessed and what capability the hackers gained to further compromise customer and Microsoft systems. Microsoft said Friday that the hackers stole “secrets” from email communications between the company and unspecified customers — cryptographic secrets such as passwords, certificates and authentication keys —and that it was reaching out to them “to assist in taking mitigating measures.”

Cloud-computing company Hewlett Packard Enterprise disclosed on Jan. 24 that it, too, was an SVR hacking victim and that it had been informed of the breach — by whom it would not say — two weeks earlier, coinciding with Microsoft's discovery it had been hacked.

“The threat actor’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said Friday, adding that it could be using obtained data “to accumulate a picture of areas to attack and enhance its ability to do