Investigators say that the suspected Russian hackers behind the SolarWinds leveraged access by Microsoft services resellers to penetrate targets that had no compromised network software from SolarWinds Corp.
Security company, CrowdStrike Holdings, says the hackers had gained access to the vendor that sold it Microsoft Office licenses and used the access to try to read CrowdStrike’s emails according to a Reuters report.
CrowdStrike did not specifically link the hackers to the SolarWinds hack. However, Reuters reports sources connected to the matter confirming this. The attempt happened months ago but it failed. Crowdstrike informed Microsoft on the development on 15th December 2020. CrowdStrike itself uses Office programs for word processing but uses another service for its emails. It also does not use SolarWinds, and says it had found no impact from the intrusion attempt.
– Big Tech Companies Reportedly Affected In SolarWinds Software Hack
– Facebook To Introduce Hardware Keys To Bolster Security
– IBM Security Researchers Reveal Global Phishing Campaign Against COVID-19 Vaccine Distribution Chain
“They got in through the reseller’s access and tried to enable mail ‘read’ privileges. If it had been using Office 365 for email, it would have been game over,” a source told Reuters.
Microsoft sells a lot software licenses through third parties, and those companies can have constant access to clients’ systems as the customers add products or employees. Microsoft warns those companies to be careful.
“Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms. We have not identified any vulnerabilities or compromise of Microsoft product or cloud services,” Microsoft senior Director Jeff Jones said.
The attack is the worst is US cyber history. FireEye Inc and the US Departments of Defense, State, Commerce, Treasury, and Homeland Security plus Cisco and Microsoft have been identified as compromised.
The SolarWinds software had initially been thought to be the only channel for the attacks, however, investigators now believe there were others including Microsoft.
Make sure to follow Plat4om on Twitter @Plat4omLive, on Instagram @Plat4om, on LinkedIn at Plat4om, and on Facebook at Plat4om. You can also email us at firstname.lastname@example.org. Also, don’t forget to subscribe to our YouTube channel HERE.