Earlier this month, the world discovered the SolarWinds hack, which might be the largest attempt to breach a government service in the USA to date. The breadth of the hack was so massive that even after more than a week of investigation, experts say they are only beginning to understand it. Until now, the updates to the ‘Orion’ software from the SolarWinds company were the only known point of origin, hence the name ‘SolarWinds hack’. However, it looks like the attackers were too smart to put all their chips on one bet.
According to investigators, the hackers behind this cyber attack leveraged reseller access to Microsoft Corp services to penetrate targets that had no compromised network software from SolarWinds Corp, Reuters reported.
On Thursday, security company CrowdStrike Holdings Inc said that the hackers had access to the vendor that sold it Office licenses and had used that access to read CrowdStrike’s email. The company uses the Office program for word processing but not for email.
Reuters reported comments of a person familiar with the matter, who said, “They got in through the reseller’s access and tried to enable mail ‘read’ privileges. If it had been using Office 365 for email, it would have been game over.”
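As an added defensive example (not code from the article, CrowdStrike or Microsoft), the check below triages a constructed, simplified consent-audit log for the kind of action described above: the field names, account domains and log layout are assumptions, not the real Azure AD audit schema, while the scope names are Microsoft Graph mail permissions. It flags grants of mailbox-read scopes that originate from an account outside the customer tenant, as a reseller's delegated access would, or that are applied tenant-wide.

```python
import json

# Constructed, simplified audit-event format (an assumption, not the real Azure AD schema).
# One JSON object per line: who acted, what they did, and which permission scopes were granted.
SAMPLE_AUDIT_LOG = """\
{"time": "2020-12-10T09:12:03Z", "actor": "svc-admin@reseller-partner.example", "action": "ConsentGranted", "app": "Mailbox Sync", "scopes": "Mail.Read User.Read", "consent_type": "AllPrincipals"}
{"time": "2020-12-10T09:14:41Z", "actor": "it-admin@victim.example", "action": "ConsentGranted", "app": "HR Portal", "scopes": "Calendars.Read", "consent_type": "Principal"}
{"time": "2020-12-10T10:02:17Z", "actor": "it-admin@victim.example", "action": "ConsentGranted", "app": "Archiver", "scopes": "Mail.ReadWrite", "consent_type": "AllPrincipals"}
{"time": "2020-12-10T10:05:00Z", "actor": "svc-admin@reseller-partner.example", "action": "SignIn", "app": "Admin Portal", "scopes": "", "consent_type": ""}
"""

# Graph scopes that let an application read mailbox contents; a reseller's delegated access never needs them.
MAIL_READ_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Read.Shared", "Mail.ReadBasic"}


def is_external_actor(actor, tenant_domain):
    """True when the acting account lives outside the customer's own tenant."""
    return "@" in actor and not actor.lower().endswith("@" + tenant_domain.lower())


def find_risky_mail_grants(log_text, tenant_domain):
    """Return consent grants of mailbox-read scopes that came from an external (reseller)
    account or that were granted tenant-wide, each with the reasons it was flagged."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("action") != "ConsentGranted":
            continue  # sign-ins and other events are not permission changes
        mail_scopes = sorted(set(ev.get("scopes", "").split()) & MAIL_READ_SCOPES)
        if not mail_scopes:
            continue  # no mailbox-read capability involved
        reasons = []
        if is_external_actor(ev.get("actor", ""), tenant_domain):
            reasons.append("granted by account outside tenant")
        if ev.get("consent_type") == "AllPrincipals":
            reasons.append("tenant-wide consent")
        if reasons:
            findings.append({"time": ev["time"], "actor": ev["actor"], "app": ev["app"],
                             "scopes": mail_scopes, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_risky_mail_grants(SAMPLE_AUDIT_LOG, "victim.example"):
        print(finding)
```

A grant flagged only as tenant-wide by an in-tenant admin is a review item; one made by an external account is the case the article describes and warrants revoking the grant and the reseller's delegated access.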
Although the company has not yet linked these hackers to the ones that compromised SolarWinds, some people familiar with the matter said they were the same group.
Several Microsoft products are sold via third parties, and the companies that sell them are usually in regular contact with their customers as those customers add products or employees. Microsoft has said that customers need to be aware of the access these companies have to their systems.
Microsoft senior director Jeff Jones said, “Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms. We have not identified any vulnerabilities or compromise of Microsoft product or cloud services.”
The use of a Microsoft account to breach government servers raises the question of how many avenues of access the hackers had prepared.
So far, the known victims of this cyber-espionage campaign, which the US government has attributed to Russian intelligence, are CrowdStrike’s security rival FireEye Inc and the U.S. Departments of Defense, State, Commerce, Treasury, and Homeland Security. Other companies, such as Microsoft and Cisco Systems Inc, found traces of the SolarWinds software internally. However, they did not find evidence that the hackers used it to range widely on their networks.
SolarWinds has released an update to fix the vulnerabilities in its flagship network management software Orion.