Worst-Ever Hack on the U.S.: Suspected Russian Hackers Took Advantage of Microsoft Vendors

Last week, the US energy department confirmed that it had been breached in what has been called the “worst-ever hack on the US government.” The department is responsible for managing the US nuclear weapons stockpile; it said, however, that the security of the arsenal had not been compromised. Microsoft, the tech giant, also confirmed that it had found malicious software in its systems.

Russia Denies any Role in This

Many people suspect that the Russian government is behind the attack; the Russian government, however, has denied any involvement in the incident. According to the investigators, the suspected Russian hackers behind one of the worst cyber attacks in years used reseller access to Microsoft Corporation services to infiltrate targets that had no compromised SolarWinds Corporation network software at all.

CrowdStrike uses Office programs for word processing but not for email. Microsoft had pointed out to CrowdStrike a failed attempt, made months earlier, to get in through that route.

CrowdStrike, which does not use SolarWinds, stated that it had found no impact from the intrusion attempt and declined to name the reseller.

According to one of the people familiar with the matter, “they got in through the reseller’s access and tried to enable mail ‘read’ privileges.” The person also said that “if it had been using Office 365 for email, it would have been game over.”
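The step described in that quote, enabling mail “read” privileges, leaves a trace in the tenant's Azure AD audit log: an application is granted a permission such as Mail.Read, and the actor who granted it signs in from the partner's domain rather than the customer's. The script below is an added example, not code from the article, Microsoft or CrowdStrike. It runs over four constructed audit entries; the field names follow the Microsoft Graph directoryAudit resource (activityDisplayName, initiatedBy, targetResources, modifiedProperties), and the property names "AppRole.Value" and "ConsentAction.Permissions", the tenant domain victim.example and the partner domain partner-msp.example are assumptions made for the illustration.

```python
"""Hunt an Azure AD audit-log export for permission grants that let an app read mail.

Added example; entries are constructed, field names follow the Graph directoryAudit
resource, and the "AppRole.Value" / "ConsentAction.Permissions" property names are
assumptions about how a grant appears in the log.
"""
import json
import re

# Graph / Exchange Online permissions that let an application read mailboxes.
MAIL_READ_PERMISSIONS = {"Mail.Read", "Mail.ReadWrite", "Mail.ReadBasic", "full_access_as_app"}

# Audit activities that hand new permissions to an application.
GRANT_ACTIVITIES = {
    "Add app role assignment to service principal",
    "Consent to application",
    "Add delegated permission grant",
}

# Constructed tenant: domains it owns; any other UPN domain is an outside (partner) actor.
TENANT_DOMAINS = {"victim.example"}


def _grant(activity, actor_upn, app_name, prop_name, new_value, result="success", when=""):
    """Build one constructed directoryAudit-shaped entry."""
    return {
        "activityDateTime": when,
        "activityDisplayName": activity,
        "result": result,
        "initiatedBy": {"user": {"userPrincipalName": actor_upn}},
        "targetResources": [{
            "type": "ServicePrincipal",
            "displayName": app_name,
            "modifiedProperties": [{"displayName": prop_name, "oldValue": None, "newValue": new_value}],
        }],
    }


# Constructed entries: a partner admin granting Mail.Read, an internal grant of User.Read,
# an internal admin consent that includes Mail.ReadWrite, and a failed partner attempt.
SAMPLE_ENTRIES = [
    _grant("Add app role assignment to service principal", "ops@partner-msp.example",
           "Mailbox Sync Helper", "AppRole.Value", "\"Mail.Read\"", when="2020-12-10T02:14:07Z"),
    _grant("Add app role assignment to service principal", "admin@victim.example",
           "HR Portal", "AppRole.Value", "\"User.Read\"", when="2020-12-10T09:30:00Z"),
    _grant("Consent to application", "admin@victim.example", "Contract Review Bot",
           "ConsentAction.Permissions",
           "\"[[Id: 0001, ConsentType: AllPrincipals, Scope: Mail.ReadWrite User.Read]]\"",
           when="2020-12-11T16:05:41Z"),
    _grant("Add app role assignment to service principal", "ops@partner-msp.example",
           "Mailbox Sync Helper", "AppRole.Value", "\"Mail.Read\"", result="failure",
           when="2020-12-12T01:02:03Z"),
]


def _decode(value):
    """modifiedProperties values are JSON-encoded strings ('"Mail.Read"'); fall back to raw text."""
    if value is None:
        return ""
    try:
        decoded = json.loads(value)
    except (TypeError, ValueError):
        return str(value)
    return decoded if isinstance(decoded, str) else json.dumps(decoded)


def permissions_granted(entry):
    """Collect the permission names an entry hands to its target application."""
    perms = set()
    for target in entry.get("targetResources", []):
        for prop in target.get("modifiedProperties", []):
            value = _decode(prop.get("newValue"))
            if prop.get("displayName") == "AppRole.Value":
                perms.add(value)
            elif prop.get("displayName") == "ConsentAction.Permissions":
                # Consent records embed "Scope: Mail.ReadWrite User.Read" inside a larger blob.
                for match in re.finditer(r"Scope:\s*([^,\]]+)", value):
                    perms.update(match.group(1).split())
    return perms


def actor(entry):
    """Who initiated the change: a user UPN, else an app display name."""
    by = entry.get("initiatedBy") or {}
    user = by.get("user") or {}
    app = by.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"


def is_external(upn, tenant_domains):
    """True when a user signs in from a domain the tenant does not own (delegated partner access)."""
    return "@" in upn and upn.rsplit("@", 1)[1].lower() not in {d.lower() for d in tenant_domains}


def find_mail_read_grants(entries, tenant_domains):
    """Return successful grants of a mail-reading permission, marking partner-initiated ones."""
    hits = []
    for entry in entries:
        if entry.get("activityDisplayName") not in GRANT_ACTIVITIES or entry.get("result") != "success":
            continue
        perms = permissions_granted(entry) & MAIL_READ_PERMISSIONS
        if not perms:
            continue
        who = actor(entry)
        app = next((t.get("displayName") for t in entry.get("targetResources", [])
                    if t.get("type") == "ServicePrincipal"), "?")
        hits.append({"time": entry.get("activityDateTime"), "actor": who,
                     "external_actor": is_external(who, tenant_domains),
                     "app": app, "permissions": sorted(perms)})
    return hits


if __name__ == "__main__":
    for hit in find_mail_read_grants(SAMPLE_ENTRIES, TENANT_DOMAINS):
        flag = "PARTNER" if hit["external_actor"] else "internal"
        print(f"{hit['time']} [{flag}] {hit['actor']} granted {hit['permissions']} to {hit['app']}")
```

The failed entry is deliberately dropped: a failed grant is worth a separate alert, but it is not a compromise of mail. Internal grants of mail permissions are still reported, because a legitimately named app with Mail.ReadWrite is exactly what an attacker with a stolen admin session would create.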

Involvement of Third Parties

Many Microsoft software licenses are sold through third parties, and those companies can have near-constant access to clients’ systems as the customers add products or employees. Microsoft has warned that those customers need to be more cautious.

“Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms,” stated Microsoft Senior Director Jeff Jones. “We have not identified any vulnerabilities or compromise of Microsoft product or cloud services.”

The use of a Microsoft reseller in the attempt to get into a top digital defense company raises new concerns about the number of avenues the hackers, whom U.S. officials have said are working for the Russian government, have at their disposal.

The known victims so far include CrowdStrike’s security rival FireEye Inc and the U.S. Departments of Defense, State, Commerce, Treasury, and Homeland Security. Other big players, such as Microsoft and Cisco Systems Inc, stated that they had found the contaminated SolarWinds software internally but had seen no sign that the hackers used it to move widely within their networks.


Officials Had Been Warning for a Long Time!

Until now, Texas-based SolarWinds was the only publicly confirmed channel for the initial intrusion. Officials, however, have been warning for days about other weak points through which the hackers could have gained entry.

It was reported a week ago that Microsoft products were used in the attacks. Federal officials, however, stated that they had not considered them an initial vector, and the software giant stated that its systems were not used in the campaign.

Microsoft also hinted that its customers should remain attentive. At the end of a long technical blog post last week, it devoted a single sentence to noting that it had seen hackers reach the Microsoft 365 cloud “from trusted vendor accounts where the attacker had compromised the vendor environment.”

Second Set of Unrelated Hackers!

Microsoft allows its vendors access to client systems in order to install products and enable new users. However, finding out which vendors still have access rights at any given time is difficult enough that CrowdStrike developed and released a separate auditing tool to do it.
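The question a customer actually needs answered is the one in the paragraph above: which partners hold delegated access right now, what roles does that access carry, and for how long. The script below is an added example of such a review and is not CrowdStrike's tool or any Microsoft code. The record shape is an assumption modelled on the Microsoft Graph delegatedAdminRelationship resource (status, endDateTime, accessDetails.unifiedRoles with role template IDs), which postdates this article; the partner block, the three relationships, the partner names and the reference date are constructed. The role template IDs in the table are Azure AD's fixed built-in role IDs.

```python
"""Inventory partner (reseller) delegated admin relationships and flag the ones needing attention.

Added example. Record shape is an assumption modelled on the Graph
delegatedAdminRelationship resource; partner block and sample data are constructed.
"""
from datetime import datetime, timezone

# Azure AD built-in role template IDs; these are the same in every tenant.
ROLE_NAMES = {
    "62e90394-69f5-4237-9190-012177145e10": "Global Administrator",
    "e8611ab8-c189-46e8-94e1-60213ab1f814": "Privileged Role Administrator",
    "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3": "Application Administrator",
    "29232cdf-9323-42fd-ade2-1d097af3e4de": "Exchange Administrator",
    "729827e3-9c14-49f7-bb1b-9608f156bbb8": "Helpdesk Administrator",
    "f2ef992c-3afb-46b9-b7cf-a126ee74c451": "Global Reader",
}

# Roles a partner should hold only for a specific, time-boxed task, never standing.
HIGH_PRIVILEGE = {"Global Administrator", "Privileged Role Administrator",
                  "Application Administrator", "Exchange Administrator"}

# Constructed reference time for the review.
NOW = datetime(2021, 1, 15, tzinfo=timezone.utc)


def _rel(partner, status, end, *role_ids):
    """Build one constructed relationship record (partner block is an assumption)."""
    return {
        "displayName": f"{partner} - managed services",
        "partner": {"displayName": partner},
        "status": status,
        "endDateTime": end,
        "accessDetails": {"unifiedRoles": [{"roleDefinitionId": r} for r in role_ids]},
    }


# Constructed data: a partner with standing Global Admin plus an unrecognised role for two years,
# an expired relationship that once carried Global Admin, and a tightly scoped helpdesk partner.
SAMPLE_RELATIONSHIPS = [
    _rel("Contoso MSP", "active", "2023-01-01T00:00:00Z",
         "62e90394-69f5-4237-9190-012177145e10",
         "29232cdf-9323-42fd-ade2-1d097af3e4de",
         "ffffffff-0000-0000-0000-000000000000"),
    _rel("Old Reseller", "expired", "2020-12-01T00:00:00Z",
         "62e90394-69f5-4237-9190-012177145e10"),
    _rel("Fabrikam Support", "active", "2021-04-01T00:00:00Z",
         "729827e3-9c14-49f7-bb1b-9608f156bbb8",
         "f2ef992c-3afb-46b9-b7cf-a126ee74c451"),
]


def _when(stamp):
    """Parse an ISO 8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def review_relationships(relationships, now=NOW):
    """Name every partner relationship, its roles, and the reasons it deserves a closer look."""
    findings = []
    for rel in relationships:
        roles = [ROLE_NAMES.get(r["roleDefinitionId"], "unknown role " + r["roleDefinitionId"])
                 for r in rel["accessDetails"]["unifiedRoles"]]
        issues = []
        if rel["status"] == "active":
            end = _when(rel["endDateTime"])
            # Standing high-privilege roles and roles we cannot even name are both review items.
            issues += ["grants " + r for r in roles if r in HIGH_PRIVILEGE or r.startswith("unknown role")]
            if end < now:
                issues.append("past endDateTime but still active")
            elif (end - now).days > 365:
                issues.append("more than a year of access remaining")
        findings.append({"partner": rel["partner"]["displayName"], "status": rel["status"],
                         "roles": roles, "issues": issues})
    return findings


def active_partners(findings):
    """The short answer to 'which vendors still have access right now?'"""
    return sorted({f["partner"] for f in findings if f["status"] == "active"})


if __name__ == "__main__":
    results = review_relationships(SAMPLE_RELATIONSHIPS)
    print("active partners:", ", ".join(active_partners(results)))
    for f in results:
        print(f"{f['partner']:18} {f['status']:8} roles={f['roles']}")
        for issue in f["issues"]:
            print("    -", issue)
```

Two design points are worth noting. An unrecognised role ID is reported rather than silently ignored, because a role the reviewer cannot name is the one most likely to be abused. And the review is keyed on what the relationship grants, not on who the partner is: a trusted reseller with standing Global Administrator is precisely the "trusted vendor account" Microsoft's blog post describes.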

Following a series of other breaches via cloud providers, including a major set of attacks attributed to Chinese government-backed hackers and known as CloudHopper, Microsoft this year imposed new controls on its resellers, including a requirement for multifactor authentication.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency had no immediate comment on the news. Also on Thursday, SolarWinds released an update to address the risks in its flagship network management software Orion after the discovery of a second set of hackers that had targeted the company’s products. That followed a separate Microsoft blog post on Friday saying that SolarWinds’ software had been targeted by a second, unrelated group of hackers apart from those linked to Russia.

The identity of this second set of hackers, and the extent of any damage they did by breaching the software, remain unclear. Russia continues to deny any involvement in the hacking.
