The alleged Russian hackers behind the most significant U.S. cyber attack in many years leveraged a vendor's access to Microsoft Corp services in order to further penetrate targets that did not have any compromised network software from SolarWinds Corp.
Although updates to SolarWinds' Orion software were initially the only known entry point, security company CrowdStrike said Thursday that hackers had gained access to the reseller that sold it Office licenses and used that access to try to read CrowdStrike's emails. It did not identify the hackers as the same ones who had compromised SolarWinds, but some people familiar with the CrowdStrike investigation pointed to them.
CrowdStrike uses Office programs for all word processing, not for email. The failed attempt, made a few months ago, was pointed out to CrowdStrike by Microsoft on 15 December.
CrowdStrike, for its part, does not use SolarWinds. It stated that it did not find any impact from the hack attempt and declined to name the vendor.
Many Microsoft software licenses are sold through third parties, and these companies don't have any constant access to clients' systems as employees or customers add products.
On Thursday, Microsoft said that customers should remain vigilant.
Jeff Jones, a senior Microsoft director, said that the company's investigation of the latest attacks found some incidents that involved the abuse of credentials to gain access. He added that the company had not identified any compromise or vulnerability of Microsoft products or cloud services.
The use of a Microsoft vendor to try to break into top digital defense organizations raises questions about how many attempts the hackers have previously made to access such companies.
As of now, the known victims of this cyber attack are the U.S. Departments of Defense, Homeland Security, Treasury, Commerce, and State, as well as CrowdStrike's security rival FireEye Inc. Other major companies, including Cisco Systems and Microsoft, have indicated that they found tainted SolarWinds software internally but did not find any signs that the cybercriminals used it to access most of their networks.
To date, SolarWinds is the only publicly verified channel for the initial break-ins, even though officials have been warning for a few days that the cybercriminals found other ways to get into networks.
Microsoft has further stated that its clients must be wary, because the hackers tried to gain access to the Microsoft 365 cloud from trusted reseller accounts after compromising the reseller's environment.
Microsoft permits its resellers to have access to client systems so that they can install products and enable new users. However, discovering which vendors still have access rights at any given point is so challenging that CrowdStrike built and released an auditing tool to do it.