SolarWinds hack: Russian cybercriminals attacked CrowdStrike

Cyber-security firm CrowdStrike has revealed that the suspected Russian hackers who broke into a series of US government agencies and enterprises by compromising SolarWinds software also attacked its network but failed to extract any information.

At least 24 big companies, including tech giants like Intel, Cisco, VMware and Nvidia, were hit as part of the SolarWinds hack allegedly orchestrated by Russia-backed cybercriminals.

The suspected Russian hackers installed malware in the Orion software sold by the IT management company SolarWinds and accessed sensitive data belonging to several US government agencies, at least one hospital and a university, the Wall Street Journal reported last week.

In a blog post, CrowdStrike said it was alerted by Microsoft that the hackers had tried to read its emails using a Microsoft reseller’s account “several months ago.”

“Specifically, they identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses was observed making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago,” the company said.

“There was an attempt to read email, which failed as confirmed by Microsoft. As part of our secure IT architecture, CrowdStrike does not use Office 365 email”.

CrowdStrike conducted a thorough review and found that it “suffered no impact”.

Earlier, US-based cybersecurity firm FireEye had admitted that it was among those hit in the massive SolarWinds attack.

Russia has denied having any role in the hacking.

Microsoft President Brad Smith said this month that the company had identified more than 40 customers affected by the nation-state hackers who installed malware in SolarWinds’ Orion platform.

The hacking group known as APT29, or Cozy Bear, is behind the attack on FireEye, in which it accessed the firm's internal network and stole the hacking tools the company uses to test its customers' networks.