New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm CrowdStrike and access the company’s email.
The hacking endeavour was reported to the company by Microsoft’s Threat Intelligence Centre on December 15, which identified a third-party reseller’s Microsoft Azure account as making “abnormal calls” to Microsoft cloud APIs during a 17-hour period several months ago.
The undisclosed affected reseller’s Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike.
Although there was an attempt by unidentified threat actors to read the emails, it was ultimately foiled as the firm does not use Microsoft’s Office 365 email service, CrowdStrike said.
The incident comes in the wake of the supply chain attack on SolarWinds revealed earlier this month, which resulted in the deployment of a covert backdoor (aka “Sunburst”) via malicious updates of the network monitoring software SolarWinds Orion.
Since the disclosure, Microsoft, Cisco, VMware, Intel, NVIDIA, and a number of US government agencies have confirmed finding tainted Orion installations in their environments.