Russian cyberattack: SolarWinds hackers also used Microsoft resellers to break into Office 365

Russians are suspected of having used Microsoft resellers in the cyber assault

Evidence from the security company CrowdStrike indicates that companies that resell Microsoft applications have been used to hack into Microsoft's Office 365 customers.

As the United States assesses a long-running Russian cyberattack targeting government agencies, private firms and national infrastructure, fresh evidence has emerged that the hackers pursued their victims through several different networks.

Software from SolarWinds, the Austin-based company whose updates were compromised by the Russians, has been the most widely reported intrusion path to date. But new evidence from the security company CrowdStrike shows that firms selling applications on behalf of Microsoft were also used to hack into Microsoft's Office 365 customers.

New evidence indicates that the SolarWinds hackers used Microsoft's software resellers as a way of breaking into customers' software.

Because resellers are also tasked with setting up and maintaining applications for customers, they, like SolarWinds, have become an excellent front for Russian hackers and a nightmare for Microsoft cloud customers, who are still determining how deep a hold Russia's hackers have on their systems.

Glenn Chisholm, founder of the cybersecurity company Obsidian, said, "They couldn't break into Microsoft 365 directly. They aimed at the most vulnerable point in the supply chain."

On Wednesday, CrowdStrike reported that it too had been a target of the attack. In CrowdStrike's case, the Russians went through a Microsoft reseller rather than SolarWinds, and the attack was unsuccessful. A CrowdStrike spokesperson, Ilina Dimitrova, declined to comment on the attempted attack beyond a company blog post.

The method is no different from the 2013 Target attack, in which hackers penetrated the retailer's heating and cooling supplier.

The new Russian attacks, thought to have started last spring, have exposed a significant blind spot in the software supply chain. Companies can monitor for phishing attacks and malware all they want, but given that they blindly trust cloud providers and services such as Microsoft, Salesforce's G-Suite, Zoom, Slack, SolarWinds and others, and that they give those providers broad access to employee e-mail and corporate networks, cybersecurity experts say they will never be safe.

"These cloud services create a web of connections and an opportunity for the attacker," said Chisholm. "What we see today is a new wave of modern attacks on these modern cloud platforms, and we need to protect ourselves in 2021."

Some media outlets have mistaken the recent developments for a breach of Microsoft itself. But last week the company said that it was neither hacked nor used to attack its customers.

But CrowdStrike's discovery reveals how the Russian hackers indirectly used Microsoft's resellers to threaten its customers. CrowdStrike said in a blog post on Wednesday that the hackers tried to read company emails through a reseller but could not access its data or systems.

United States authorities did not identify the attack until last week, and only after a private cybersecurity company, FireEye, warned American intelligence that the hackers had evaded its defensive layers.

It was clear that even after three months of Russian hacking of the Pentagon and American civilian bodies, analysts were shocked by the breaches at the Treasury and Commerce Departments, the first agencies reported to have been hacked.

SolarWinds apparently did not know about the breach of its network software until it was told last week by FireEye. The National Security Agency, the leading American intelligence agency, which both penetrates foreign networks and protects national security agencies against attacks, itself uses SolarWinds.

Two of the most humiliating breaches happened at the Pentagon and at Homeland Security, whose Cybersecurity and Infrastructure Security Agency oversaw the successful defense of the American electoral system last month.

As part of the attack, Russian hackers broke into the email system used by senior Treasury officials in July.

At least two dozen organizations, among them Cisco, Intel, Nvidia, Deloitte and the California Department of State Hospitals, have been confirmed to have been hacked. Some of them, such as Intel and Deloitte, said the attack had no effect on their most critical systems.