
Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers


New evidence uncovered amid the ongoing probe into the espionage campaign targeting SolarWinds points to an unsuccessful attempt to compromise cybersecurity firm CrowdStrike and access the company's email.

The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "abnormal calls" to Microsoft cloud APIs during a 17-hour period several months ago.

The undisclosed affected reseller's Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike.

Although there was an attempt by unidentified threat actors to read the emails, it was ultimately foiled as the firm does not use Microsoft's Office 365 email service, CrowdStrike said.

The incident comes in the wake of the supply chain attack on SolarWinds revealed earlier this month, which resulted in the deployment of a covert backdoor (aka "Sunburst") via malicious updates to network monitoring software called SolarWinds Orion.

Since the disclosure, Microsoft, Cisco, VMware, Intel, NVIDIA, and a number of US government agencies have confirmed finding tainted Orion installations in their environments.


The development comes a week after the Windows maker, itself a SolarWinds customer, denied that hackers had infiltrated its production systems to stage further attacks against its users, and found evidence of a separate hacking group abusing Orion software to install a separate backdoor called "Supernova."

It also coincides with a new report from The Washington Post today, which alleges Russian government hackers have breached Microsoft cloud customers and stolen emails from at least one private-sector company by taking advantage of a Microsoft reseller that manages cloud-access services.

"Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms. We have not identified any vulnerabilities or compromise of Microsoft product or cloud services," Microsoft's Senior Director Jeff Jones said in an email response to The Hacker News.

CrowdStrike has also released CrowdStrike Reporting Tool for Azure (CRT), a free tool that aims to help organizations review excessive permissions in their Azure Active Directory or Office 365 environments and help determine configuration weaknesses.

In addition, the US Cybersecurity and Infrastructure Security Agency (CISA) has separately created a similar open-source utility called Sparrow to help detect possible compromised accounts and applications in Azure or Office 365 environments.

"The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors," CISA said.

For its part, SolarWinds has updated its security advisory, urging customers to update Orion Platform software to version 2020.2.1 HF 2 or 2019.4 HF 6 to mitigate the risks associated with Sunburst and Supernova vulnerabilities.
