Originally posted by the Voice of America.
Voice of America content is produced by the Voice of America,
a United States federal government-sponsored entity, and is in
the public domain.


Suspected Russian Hackers Used Microsoft Vendors to Breach Customers

Reuters

   WASHINGTON - The suspected Russian hackers behind the worst U.S.
   cyberattack in years used reseller access to Microsoft Corp. services
   to penetrate targets that had no compromised network software from
   SolarWinds Corp., investigators said.

   Updates to SolarWinds' Orion software were the only known point of
   entryuntil Thursday, when security company CrowdStrike Holdings Inc.
   said hackers had gained access to the vendor that sold it Office
   licenses and had used that to try to read CrowdStrike's email. It did
   not specifically identify the hackers as being the ones that
   compromised SolarWinds, but two people familiar with CrowdStrike's
   investigation said they were.

   CrowdStrike uses Office programs for word processing but not email. The
   failed attempt, made months ago, was pointed out to CrowdStrike by
   Microsoft on December 15.

   CrowdStrike, which does not use SolarWinds, said it had found no impact
   from the intrusion attempt and declined to name the reseller.

   "They got in through the reseller's access and tried to enable mail
   'read' privileges," one person familiar with the investigation told
   Reuters. "If it had been using Office 365 for email, it would have been
   game over."

   Many Microsoft software licenses are sold through third parties, and
   those companies can have near-constant access to clients' systems as
   the customers add products or employees.

   Be on guard

   Microsoft said Thursday that those customers need to be vigilant.

   "Our investigation of recent attacks has found incidents involving
   abuse of credentials to gain access, which can come in several forms,"
   said Microsoft senior director Jeff Jones. "We have not identified any
   vulnerabilities or compromise of Microsoft product or cloud services."

   The use of a Microsoft reseller to try to break into a top digital
   defense company raises new questions about how many avenues the
   hackers, whom U.S. officials have alleged are operating on behalf of
   the Russian government, have at their disposal.

.