This is what CrowdStrike has to say about massive SolarWinds attack

US issues advisory for agencies to update SolarWinds software. (Photo Courtesy: Twitter/@Unit42_Intel)

New Delhi: After the massive SolarWinds attack hit several top enterprises and government agencies in the US, cyber-security firm CrowdStrike has emphasised that it is not a customer of SolarWinds and the failed effort to breach the company was through an attack on a Microsoft product.

The company has also launched a CrowdStrike Reporting Tool for Azure (CRT), a free community tool that will help organisations quickly and easily review excessive permissions in their Azure AD environments, help determine configuration weaknesses, and provide advice to mitigate risk.

“Customer security and transparency are CrowdStrike’s top priority. We have conducted an extensive review of our production and internal environments and found no impact,” it said in a statement recently.

CrowdStrike was contacted by the Microsoft Threat Intelligence Center December 15.

Specifically, they identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses was observed making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago.

“There was an attempt to read email, which failed as confirmed by Microsoft. As part of our secure IT architecture, CrowdStrike does not use Office 365 email,” it added.

“We strongly recommend all organizations leverage CRT to review their Azure tenants and understand if they need to take any configuration or mitigation steps, particularly as it relates to third-parties that may be present in your Azure environment”.

According to a report in The New York Times, as businesses such as Amazon and Microsoft that provide cloud services dig deeper for evidence, “It now appears Russia exploited multiple layers of the supply chain to gain access to as many as 250 networks”.

US Senator Mark Warner (D-Virginia) was quoted saying in the report that the hack looked “much, much worse” than he first feared.

The suspected Russian hackers installed a malware in the Orion software sold by the IT management company ‘SolarWinds’, and accessed sensitive data belonging to several US government agencies and businesses.

IANS

Exit mobile version