Suspected Russian Hackers Made Failed Attempt to Breach CrowdStrike, Company Says

A Russian flag is seen on the laptop screen in front of a computer screen on which cyber code is displayed, in this illustration picture taken March 2, 2018. (REUTERS/Kacper Pempel/Illustration/File Photo)

WASHINGTON (Reuters) - Hackers who broke into a series of U.S. government agencies and FireEye Inc also made a failed attempt to access emails from another cybersecurity firm, CrowdStrike Holdings Inc, the company said on Thursday.

In a blog post, CrowdStrike said Microsoft Corp alerted it on Dec. 15 that the hackers had tried to read its emails using a Microsoft reseller’s account “several months ago.”

CrowdStrike said the attempt failed, and did not identify the reseller.

The precise mechanics of the attempted compromise are unclear. Microsoft resellers often repackage Microsoft products, such as its popular Office 365 productivity suite or Azure cloud computing service, and bundle them with other products or services to sell to end customers.

In some cases, resellers might maintain access to customers’ systems, for example to run updates or add products.

Microsoft did not immediately return a message seeking comment on Thursday. The Cybersecurity and Infrastructure Security Agency did not immediately respond to an email. The National Security Agency declined to comment.

The use of a Microsoft reseller to try to break into a top digital defense company raises new questions about how many avenues the hackers, whom U.S. officials have alleged are operating on behalf of the Russian government, have had to infiltrate American networks.

Until now, Texas-based SolarWinds Corp was the only publicly confirmed channel for break-ins, although officials have been warning for days that the hackers had also used other unspecified ways to subvert their targets.

Microsoft had also hinted that its customers should be wary. At the end of a long, technical blog post on Tuesday it mentioned seeing hackers access companies through “trusted vendor accounts” with access to Microsoft cloud services.

However, on Dec. 19, Microsoft President Brad Smith told the Washington Post he could provide “a blanket answer that affirmatively states no, we are not aware of any customers being attacked through Microsoft’s cloud services or any of our other services, for that matter, by this hacker.”

Separately, SolarWinds said on Thursday it had released an update to fix the vulnerabilities in its flagship network management software, Orion, following the discovery of a second set of hackers that had targeted the company’s products.

That followed a separate Microsoft blog post on Friday saying that SolarWinds had its software targeted by a second and unrelated group of hackers in addition to those linked to Russia.

The identity of the second set of hackers, or the degree to which they may have successfully broken in anywhere, remains unclear.

Russia has denied having any role in the hacking.


Updated Thursday, December 24, 2020 at 1:11 pm.