CrowdStrike Fends Off Attack Attempted By SolarWinds Hackers

/in


The suspected Russian hackers behind the massive SolarWinds attack attempted to hack CrowdStrike through a Microsoft reseller’s Azure account but were ultimately unsuccessful, CrowdStrike said.

The Sunnyvale, Calif.-based endpoint security giant said it was contacted on Dec. 15 by Microsoft’s Threat Intelligence Center, which had identified a reseller’s Microsoft Azure account making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago, CrowdStrike Chief Technology Officer Michael Sentonas wrote in a blog post Wednesday.

The reseller’s Azure account was used for managing CrowdStrike’s Microsoft Office licenses, and Sentonas said the hackers attempted to read the company’s email. That attempt was unsuccessful, Sentonas said, adding that CrowdStrike’s findings were confirmed by Microsoft. As part of CrowdStrike’s secure IT architecture, Sentonas said the company doesn’t use Office 365 email.

[Related: SolarWinds Deploys CrowdStrike To Secure Systems After Hack]

“CrowdStrike conducted a thorough review into not only our Azure environment, but all of our infrastructure for the indicators shared by Microsoft,” Sentonas wrote in the blog post. “The information shared by Microsoft reinforced our conclusion that CrowdStrike suffered no impact.”

CrowdStrike’s review in the wake of the SolarWinds hack was “extensive” and included both the company’s production and internal environments, according to Sentonas. The firm’s stock is up $45.23 (25.7 percent) to $221.12 per share since news of Russian foreign intelligence service hackers injecting malware into updates of SolarWinds’ Orion network monitoring platform went public on Dec. 13.

The reseller was not identified in CrowdStrike’s blog post, and the company declined further comment on the attempted attack.

Microsoft told CRN that if a customer buys a cloud service from a reseller and allows the reseller to retain administrative access, then a compromise of reseller credentials would grant access to the customer’s tenant. This abuse of access would not be a compromise of Microsoft’s services themselves, according to the company.

Customers do not have to…

Source…