In order to penetrate targets that had no compromised network software from SolarWinds Corp, reseller access to Microsoft Corp services were used by the suspected Russian hackers responsible for the worst US cyber attack in years, investigators into the incident have found.
Previously, the only known point of entry were the updates to SolarWinds' Orion software.
Hacker had gained access to the vendor that sold it Office licenses and then used that to attempt to read CrowdStrike's email, said Security company CrowdStrike Holdings Inc.
Office programmes for word processing is used by CrowdStrike but not email. On December 15, Microsoft informed to CrowdStrike about the failed cyber hacking attempt which had been made months ago.
While refusing to name the reseller, CrowdStrike said that no impact from the hacking attempt had been uncovered by it as yet. CrowdStrike does not use SolarWinds software. "They got in through the reseller's access and tried to enable mail 'read' privileges," said a Reuters report quoting one of the people familiar with the investigation. "If it had been using Office 365 for email, it would have been game over."
Third parties are used by Microsoft to sell many of its software licenses. An almost constant access to the systems of clients is generally available to these third party companies because the customers keep on adding products or employees or both and hence upgrades of the software is needed. Those customers need to be vigilant, Microsoft said on Thursday.
New questions about how many means of hacking do the hackers have at their disposal are now being raised because of this practice of Microsoft using resellers or third party companies and the use of such companies to try to break into a top digital defense company.
CrowdStrike security rival FireEye Inc and the US Departments of Defense, State, Commerce, Treasury, and Homeland Security are among the known victims of the cyber attack so far.
Tainted SolarWinds software internally had been found by them, said the other big companies, including Microsoft and Cisco Systems Inc. However the companies also said that their investigation had not found any signs that the hackers used SolarWinds software to widely hack into their systems and networks.
Till now, the only publicly confirmed channel for the initial break-ins is the Texas-based SolarWinds even through there have warnings for days from officials about other possible ways that are at the disposal of the hackers.
The fact that Microsoft products were used in attacks was reported by the media about a week ago. But that was not viewed to be the initial vector, federal officials said and that its systems were not utilized in the campaign, had previously been said by Microsoft.
However, its customers should still be wary, Microsoft later hinted. And on Tuesday, the company used a long, technical blog post to state in one sentence about the company finding that the hackers had reach Microsoft 365 Cloud "from trusted vendor accounts where the attacker had compromised the vendor environment."
(Source:www.wionnews.com)
Previously, the only known point of entry were the updates to SolarWinds' Orion software.
Hacker had gained access to the vendor that sold it Office licenses and then used that to attempt to read CrowdStrike's email, said Security company CrowdStrike Holdings Inc.
Office programmes for word processing is used by CrowdStrike but not email. On December 15, Microsoft informed to CrowdStrike about the failed cyber hacking attempt which had been made months ago.
While refusing to name the reseller, CrowdStrike said that no impact from the hacking attempt had been uncovered by it as yet. CrowdStrike does not use SolarWinds software. "They got in through the reseller's access and tried to enable mail 'read' privileges," said a Reuters report quoting one of the people familiar with the investigation. "If it had been using Office 365 for email, it would have been game over."
Third parties are used by Microsoft to sell many of its software licenses. An almost constant access to the systems of clients is generally available to these third party companies because the customers keep on adding products or employees or both and hence upgrades of the software is needed. Those customers need to be vigilant, Microsoft said on Thursday.
New questions about how many means of hacking do the hackers have at their disposal are now being raised because of this practice of Microsoft using resellers or third party companies and the use of such companies to try to break into a top digital defense company.
CrowdStrike security rival FireEye Inc and the US Departments of Defense, State, Commerce, Treasury, and Homeland Security are among the known victims of the cyber attack so far.
Tainted SolarWinds software internally had been found by them, said the other big companies, including Microsoft and Cisco Systems Inc. However the companies also said that their investigation had not found any signs that the hackers used SolarWinds software to widely hack into their systems and networks.
Till now, the only publicly confirmed channel for the initial break-ins is the Texas-based SolarWinds even through there have warnings for days from officials about other possible ways that are at the disposal of the hackers.
The fact that Microsoft products were used in attacks was reported by the media about a week ago. But that was not viewed to be the initial vector, federal officials said and that its systems were not utilized in the campaign, had previously been said by Microsoft.
However, its customers should still be wary, Microsoft later hinted. And on Tuesday, the company used a long, technical blog post to state in one sentence about the company finding that the hackers had reach Microsoft 365 Cloud "from trusted vendor accounts where the attacker had compromised the vendor environment."
(Source:www.wionnews.com)
Homepage
Send to a friend
Printable version
Share
