The hacking attempt was reported to CrowdStrike by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account as making "abnormal calls" to Microsoft cloud APIs during a 17-hour period several months ago.
CrowdStrike was notified by Microsoft that threat actors had attempted to read the company's emails using compromised Microsoft Azure credentials. Due to this attack, SolarWinds customers have been scrambling to analyze their networks to see if they were compromised in the supply chain attack.
"Specifically, they identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses was observed making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago. There was an attempt to read email, which failed as confirmed by Microsoft. As part of our secure IT architecture, CrowdStrike does not use Office 365 email," CrowdStrike CTO Michael Sentonas said.
Microsoft senior director Jeff Jones told Reuters that the attack was carried out by hackers stealing the credentials for the Microsoft reseller's account rather than through vulnerabilities in Microsoft's products or cloud services.
"Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms," said Jones. "We have not identified any vulnerabilities or compromise of Microsoft product or cloud services."