- CrowdStrike mentioned that it discovered no impact from the hacking attempt and it does not use SolarWinds software
- Microsoft software licenses are sold through third parties, and those resellers have clear access to clients’ systems
Investigators examining the intrusions into the United States (U.S.) Treasury and other government departments have revealed that the hackers leveraged reseller access to Microsoft Corp’s services. These intrusions are not related to SolarWinds Corp’s compromised network services.
On Thursday, security company CrowdStrike Holdings Inc. stated that the hackers broke into a Microsoft vendor that sells Office licenses and tried to access CrowdStrike’s email. Previously, SolarWinds’ compromised network software was suspected of being responsible for the cyberattacks in the U.S.
Although these hackers have not been identified as the ones behind the SolarWinds network breach, according to CrowdStrike’s investigation they are the same Russian hackers who are responsible. CrowdStrike uses Office programs for word processing but not for email. On December 15, Microsoft alerted CrowdStrike to the hackers’ failed attempt.
According to an exclusive Reuters report, CrowdStrike declined to name the reseller but mentioned that it discovered no impact from the hacking attempt and that it does not use SolarWinds software.
One of the investigators told Reuters: “They got in through the reseller’s access and tried to enable mail ‘read’ privileges. If it had been using Office 365 for email, it would have been game over.”
The key point is that Microsoft software licenses are sold through third parties, and those resellers have clear access to clients’ systems. Microsoft, however, has pointed out that customers need to be sharp-eyed.
Microsoft senior director Jeff Jones told Reuters, “Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms. We have not identified any vulnerabilities or compromise of Microsoft products or cloud services.”
Last week, Reuters reported that Microsoft’s in-house products were used in the cyberattacks, but federal officials stated that they had not viewed it as an initial threat, and Microsoft pointed out that its software was not utilized in the attacks. In a technical blog post, Microsoft used one sentence to mention seeing hackers reach Microsoft 365 Cloud “from trusted vendor accounts where the attacker had compromised the vendor environment.”