The suspected Russian hackers who penetrated important U.S. government networks by hijacking the system information technology vendor SolarWinds Corp. used to update customers’ software also used Microsoft resellers’ systems to break into their clients’ systems, Reuters reported, citing investigators.
Crowdstrike Holdings Inc., a security firm, on Thursday said its unidentified software vendor had been comprised and hackers used the access try to read Crowdstrike’s internal email, Reuters reported. As it turned out, however, Crowdstrike used some Microsoft Office tools, but not for email.
Reuters quoted an unidentified source as saying of the attack several months ago: “They got in through the reseller’s access and tried to enable mail ‘read’ privileges. If it had been using Office 365 for email, it would have been game over.”
Reuters quoted Senior Director Jeff Jones as saying Thursday, “Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms. We have not identified any vulnerabilities or compromise of Microsoft product or cloud services.”
Reuters reported that the laundry list of entities targeted by the allegedly Russian vendors (the country’s government denies involvement) or their agents includes: CrowdStrike, security firm FireEye Inc. and the federal Departments of Defense, State, Commerce, Treasury and Homeland Security.
The ability of malicious intruders to gain access to such sensitive systems has spurred business owners to reassess the security of their own systems, including email.
“This is a big deal, and given what we now know about where breaches happened, I’m expecting the scope to grow as more logs are reviewed,” John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy, said in mid-December. “When an aggressive group like this gets an ‘open sesame’ to many desirable systems, they are going to use it widely.”
News of the attacks first emerged the weekend of Dec. 12 and 13, when the National Security Council held an emergency meeting at the White House to discuss them.