Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company's emails through compromised by Microsoft Azure credentials.
Earlier this month, it was discovered that the SolarWinds network management company suffered a cyberattack where threat actors modified their software to install backdoors on customers' networks via a supply chain attack.
Due to this attack, SolarWinds customers have been scrambling to analyze their networks to see if they were compromised in the supply chain attack.
After performing an analysis of their internal and production environment, CrowdStrike stated Thursday that they had found no signs that the SolarWinds breach impacted them.
Hackers compromised Microsoft reseller accounts
While performing their investigation, CrowdStrike was told by Microsoft on December 15th that a compromised Microsoft Azure reseller's account was used to try and read CrowdStrike's emails.
"Specifically, they identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses was observed making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago. There was an attempt to read email, which failed as confirmed by Microsoft. As part of our secure IT architecture, CrowdStrike does not use Office 365 email," CrowdStrike CTO Michael Sentonas disclosed.
A source familiar with the investigation told Reuters that the compromised reseller account had attempted to enable Office 365 'Read' privileges to access CrowdStrike's email. As CrowdStrike does not use Office 365, the attack failed.
Microsoft senior director Jeff Jones tol ..
Support the originator by clicking the read the rest link below.
