Suspected Russian hackers used Microsoft vendors to breach customers without SolarWinds software

  • Security company CrowdStrike says hackers won access to the vendor that sold it Office licences and used that to try to read its email
  • SolarWinds’ Orion software was previously the only known point of entry for the worst US cyberattack in years

The suspected Russian hackers behind the worst US cyberattack in years leveraged reseller access to Microsoft services to penetrate targets that had no compromised network software from SolarWinds, investigators said.

While updates to SolarWinds’ Orion software were previously the only known point of entry, security company CrowdStrike said Thursday hackers had won access to the vendor that sold it Office licences and used that to try to read CrowdStrike’s email. It did not specifically identify the hackers as being the ones that compromised SolarWinds, but two people familiar with CrowdStrike’s investigation said they were.

CrowdStrike uses Office programs for word processing but not email. The failed attempt, made months ago, was pointed out to CrowdStrike by Microsoft on December 15.

CrowdStrike, which does not use SolarWinds, said it had found no impact from the intrusion attempt and declined to name the reseller.

“They got in through the reseller’s access and tried to enable mail ‘read’ privileges,” one of the people familiar with the investigation told Reuters. “If it had been using Office 365 for email, it would have been game over.”

Many Microsoft software licences are sold through third parties, and those companies can have near-constant access to clients’ systems as the customers add products or employees.
