Investigators blame Microsoft Corp for hackings in the United States

  • CrowdStrike mentioned that it discovered no impact from the hacking attempt and it does not use SolarWinds software
  • Software licenses of Microsoft are being sold via the third parties and they have clear access to the client’s systems

The investigators scrutinizing the hackings into the United States (U.S.) treasury and other government departments have finally revealed that the hackers have leveraged reseller access to Microsoft Corp’s services. The hackings are not related to SolarWinds Corp’s compromised network services. 

On Thursday, security company CrowdStrike Holdings Inc. stated that the hackers entered into Microsoft’s vendors and while selling its office licenses tried accessing CrowdStrike’s email. Previously, it was suspected that SolarWind’s compromised network software is responsible for the cyberattacks in the U.S.

Although, these hackers are not identified as the ones behind SolarWind’s network breach, according to CrowdStrike’s investigation these are the same Russian hackers who are responsible. For word processing, CrowdStrike utilizes office programs and not email. On December 15, Microsoft pointed out the failed attempt of the hackers to CrowdStrike.

According to the exclusive report of Reuters, CrowdStike declined to name the reseller but mentioned that it discovered no impact from the hacking attempt and it does not use SolarWinds software.

One of the investigators told Reuters: “They got in through the reseller’s access and tried to enable mail ‘read’ privileges. If it had been using Office 365 for email, it would have been game over.”

The point to be noted is that the software licenses of Microsoft are sold via third parties and they have clear access to the client’s systems. But, Microsoft has pointed out that customers need to be sharp-eyed. 

Microsoft senior director Jeff Jones, told Reuters, “Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms. We have not identified any vulnerabilities or compromise of Microsoft products or cloud services.”

Last week, Reuters already reported that Microsoft’s in-house products were used in the cyberattacks, but the federal officials stated that they had not viewed it as an initial threat, and Microsoft pointed that its software was not utilized in the attacks. In a technical blog post, Microsoft used one sentence to mention seeing hackers reach Microsoft 365 Cloud “from trusted vendor accounts where the attacker had compromised the vendor environment.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Hot Topics

Motorola Edge S with Snapdragon 870 SoC to launch on January 26

Motorola Edge S is set to be launched on January 26 in China. Motorola confirmed this news while also revealing the chipset that will power...

Xiaomi assures to launch Redmi K40 in more than one variant

Xiaomi teased K40 to be launched in February this year and there is a chance that the other K40 phone would be powered...

Trump pulls out major licenses from Huawei and Itel; intends to reject other applications

The commerce department said that they are working closely with various other agencies to “consistently” apply licensing policies that would be useful in...

Related Articles

Maruti Suzuki cars get more expensive as prices have been increased for few models

Maruti Suzuki India Limited (MSIL), one of the largest carmakers in India, has announced a price hike for a few selected vehicles that will...

US government urges Australia to force Google, Facebook to pay for news

Investigation of ACCC revealed that out of every A$100 of online advertising, A$19 goes to other media companies, A$28 goes to Facebook and...

PhonePe become India’s leading UPI App in December’20 overtaking Google Pay

PhonePe was the most used UPI (Unified Payments Interface) app for December 2020 finally overtaking rival Google Pay after trailing behind for months. The...