“The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compromised network software from SolarWinds,” Joseph Menn and Raphael Satter at Reuters report:
While updates to SolarWinds’ Orion software were previously the only known point of entry, security company CrowdStrike Holdings Inc said Thursday hackers had won access to the vendor that sold it Office licenses and used that to try to read CrowdStrike’s email. It did not specifically identify the hackers as being the ones that compromised SolarWinds, but two people familiar with CrowdStrike’s investigation said they were.
CrowdStrike uses Office programs for word processing but not email. The failed attempt, made months ago, was pointed out to CrowdStrike by Microsoft on Dec. 15.
CrowdStrike, which does not use SolarWinds, said it had found no impact from the intrusion attempt and declined to name the reseller.
“They got in through the reseller’s access and tried to enable mail ‘read’ privileges,” one of the people familiar with the investigation told Reuters. “If it had been using Office 365 for email, it would have been game over.”
Many Microsoft software licenses are sold through third parties, and those companies can have near-constant access to clients’ systems as the customers add products or employees.
More at Reuters: Suspected Russian hackers used Microsoft vendors to breach customers