Evidence from the security firm CrowdStrike suggests that companies that sell software on behalf of Microsoft were used to break into Microsoft’s Office 365 customers.
As the United States comes to grips with a far-reaching Russian cyberattack on federal agencies, private corporations and the nation’s infrastructure, new evidence has emerged that the hackers hunted their victims through multiple channels.
The most significant intrusions discovered so far piggybacked on software from SolarWinds, the Austin-based company whose updates the Russians compromised. But new evidence from the security firm CrowdStrike suggests that companies that sell software on Microsoft’s behalf were also used to break into customers of Microsoft’s Office 365 software.
Because resellers are often entrusted to set up and maintain clients’ software, they — like SolarWinds — have been an ideal front for Russian hackers and a nightmare for Microsoft’s cloud customers, who are still assessing just how deep into their systems Russia’s hackers have crawled.
“They couldn’t get into Microsoft 365 directly, so they targeted the weakest point in the supply chain: the resellers,” said Glenn Chisholm, a founder of Obsidian, a cybersecurity firm.