A Russian state-sponsored hacking group that stole sensitive data from Microsoft Corp executives is trying to leverage that information to compromise the company’s source code and other internal systems, according to the technology giant.

The revelation makes clear that a hacking campaign Microsoft first identified in January had more unauthorised access than previously thought, the company said in a filing to the US Securities and Exchange Commission on Friday and a related blog post.

The hackers “ongoing attack is characterised by a sustained, significant commitment of the threat actor’s resources, coordination and focus”, Microsoft said, adding that further unauthorized access might occur.

The company said it is coordinating with federal law enforcement about what it described as its ongoing investigation. The FBI declined to comment.

In February, the hackers increased tenfold the volume of attempted password spray attacks, a technique in which intruders attempt to use multiple passwords on specific usernames to try breaching high-value accounts, according to Microsoft. The group also is attempting to use secrets shared between Microsoft and its customers in email, according to the blog post. “To date, we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

The hackers, who Microsoft calls “Midnight Blizzard”, “may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so,” Microsoft said. They were previously caught accessing emails that belonged to senior leaders, including cybersecurity and legal executives.

The suspected Russian hackers, who industry experts also call Cozy Bear and APT29, are the same group that the US and UK blamed in 2021 for the cyberattack on SolarWinds Corp, in which malicious code was inserted in a software update that allowed the intruders further access to customers. In all, about 100 companies and nine federal agencies were targeted for further attacks.

In February, the US, UK and other allies warned that the same group, which they say comprises hackers from the Russian Foreign Intelligence Service, known as the SVR, were finding ways to access cloud environments in order to target aviation, education, law enforcement, local and state councils, government financial departments and military organisations. – Bloomberg