

Russian hackers target security firm CrowdStrike

Investigators say the Russian hackers behind the worst cyberattack against America in years took advantage of vendors' access to Microsoft's services to hack targets that do not have SolarWinds' hacked Orion platform.

Updates to Orion were previously the only known entry point, but it is clear that the group also tried to infiltrate a major security company.

Security firm CrowdStrike says it was also targeted. The attempt occurred within a 17-hour period several months ago, when hackers tried to access the company's email, but the attempt did not work.

CrowdStrike explained that hackers had gained access to the vendor that sold it office package licenses and used that access to try to read its email.

Many Microsoft software licenses are sold through third parties, and these companies can have near-permanent access to customer systems. Microsoft said these customers need to be vigilant.

"Our investigation revealed incidents involving data abuse, and we have not identified any security vulnerabilities or breaches of Microsoft products or cloud services," said Jeff Jones of Microsoft.

The Russian hackers' use of a Microsoft distributor to try to break into CrowdStrike raises new questions about the number of avenues available to hackers, who U.S. officials claim are acting on behalf of the Russian government.

Reuters reported a week ago that Microsoft products were used in the attacks, and the software giant hinted that its customers should remain vigilant.

But discovering which vendors still have access rights at any given time is so difficult that CrowdStrike has released an audit tool to do so.

SolarWinds has released a new update to fix vulnerabilities in its platform after discovering a second set of hackers who targeted the company's products.

This followed a blog post from Microsoft that said SolarWinds was targeted by the second group of hackers as well as Russian hackers.

The identity of the second group of infiltrators remains unclear, and Russia has denied any role in the hacking.