Microsoft said it is still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data. The hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, which it disclosed in mid-January, to compromise some source-code repositories and internal systems, the software giant said.

A company spokesman would not characterise what source code was accessed and what capability the hackers gained to further compromise customer and Microsoft systems. Microsoft said Friday that the hackers stole “secrets” from email communications between the company and unspecified customers—cryptographic secrets such as passwords, certificates and authentication keys—and that it was reaching out to them “to assist in taking mitigating measures.” “This has tremendous national security implications,” said Tom Kellermann of the cybersecurity firm Contrast Security. “The Russians can now leverage supply chain attacks against Microsoft’s customers.”