Leading cybersecurity company CrowdStrike has been notified by Microsoft that some hackers had attempted to read the company's emails through a breach of Microsoft Azure credentials.
Earlier this month, it was discovered that network management company SolarWinds was hit by a cyber attack, where threatening agents modified their software to install backdoors on customer networks through a supply chain attack.
As a result of this attack, SolarWinds customers are trying to scan their networks to see if they have been hacked.
After analyzing its internal and productive environment, CrowdStrike said on Thursday that it found no signs that the SolarWinds breach affected it.
The intruders violated Microsoft reseller accounts
During their investigation, CrowdStrike was informed by Microsoft on December 15 that a compromised Microsoft Azure reseller account had been used to read CrowdStrike emails.
A source told Reuters that the compromised reseller account had tried to allow Office 365 "Read" privileges to access CrowdStrike emails. As CrowdStrike does not use Office 365, the attack failed.
Microsoft CEO, Jeff Jones, told Reuters that the attack was carried out by them invaders who stole the credentials for the Microsoft reseller account and not the vulnerabilities in products or the services in the cloud.
"Our investigation into recent attacks has identified incidents involving the misuse of credentials to obtain access"which can occur in various forms," Jones told Reuters. "We have not identified any vulnerabilities or breaches in Microsoft cloud products or services."
In two articles published this month, Microsoft revealed how stolen credentials and access tokens are used to target Azure customers. Highly recommended managers Azure to read these articles to learn more about them attacks.
After learning of this attack attempt, CrowdStrike analyzed the Azure environment and found that it had not been compromised. However, during this analysis, found it difficult to use Azure management tools to list the privileges assigned to resellers and third-party partners.
To help administrators analyze the Microsoft Azure environment and see what rights have been assigned to third-party resellers and affiliates, CrowdStrike has released the free CrowdStrike Reporting Tool for Azure (CRT).
Source of information: bleepingcomputer.com