Suspected Russian hackers made failed try to breach CrowdStrike, firm says



By Joseph Menn and Raphael Satter

WASHINGTON (Reuters) - Hackers who broke into a series of U.S. government agencies and FireEye Inc also made a failed attempt to access emails from another cybersecurity firm, CrowdStrike Holdings Inc, the company said on Thursday.

In a blog post, CrowdStrike said Microsoft Corp alerted it on Dec. 15 that the hackers had tried to read its emails using a Microsoft reseller’s account “several months ago.”

CrowdStrike said the attempt failed, and did not identify the reseller.

The precise mechanics of the attempted compromise are unclear. Microsoft resellers often repackage Microsoft products, such as its popular Office 365 productivity suite or Azure cloud computing service, and bundle them with other products or services to sell to end customers.

In some cases, resellers might maintain access to customers’ systems, for example to run updates or add products.

Microsoft did not immediately return a message seeking comment on Thursday. The Cybersecurity and Infrastructure Security Agency did not immediately respond to an email. The National Security Agency declined to comment.

The use of a Microsoft reseller to try to break into a top digital defense company raises new questions about how many avenues the hackers, whom U.S. officials have alleged are operating on behalf of the Russian government, have had to infiltrate American networks.

Until now, Texas-based SolarWinds Corp was the only publicly confirmed channel for break-ins, although officials have been warning for days that the hackers had also used other unspecified ways to subvert their targets.

Microsoft had also hinted that its customers should be wary. At the end of a long, technical blog post on Tuesday it mentioned seeing hackers access companies through “trusted vendor accounts” with access to Microsoft cloud services.

However, on Dec. 19, Microsoft President Brad Smith told the Washington Post he could provide “a blanket answer that affirmatively states no, we are not aware of any customers being attacked through Microsoft’s cloud services or any of our other services, for that matter, by this hacker.”

Separately, SolarWinds said on Thursday it had released an update to fix the vulnerabilities in its flagship network management software, Orion, following the discovery of a second set of hackers that had targeted the company’s products.

That followed a separate Microsoft blog post on Friday saying that SolarWinds had its software targeted by a second and unrelated group of hackers in addition to those linked to Russia.

The identity of the second set of hackers, or the degree to which they may have successfully broken in anywhere, remains unclear.

Russia has denied having any role in the hacking.
