cephurs

Russians Are Believed to Have Used Microsoft Resellers in Cyberattacks

Jan 4th, 2021
  2. Evidence from the security firm CrowdStrike suggests that companies that sell software on behalf of Microsoft were used to break into Microsoft’s Office 365 customers.
  3.  
  4. https://www.nytimes.com/2020/12/24/us/russia-microsoft-resellers-cyberattacks.html
  5.  
  7. New evidence suggests that the SolarWinds hackers used companies that sell software on behalf of Microsoft as a conduit to break into customers’ software. Credit: Sergio Flores/Reuters
  9. By Nicole Perlroth
  10. Dec. 24, 2020
  11. As the United States comes to grips with a far-reaching Russian cyberattack on federal agencies, private corporations and the nation’s infrastructure, new evidence has emerged that the hackers hunted their victims through multiple channels.
  12.  
  13. The most significant intrusions discovered so far piggybacked on software from SolarWinds, the Austin-based company whose updates the Russians compromised. But new evidence from the security firm CrowdStrike suggests that companies that sell software on Microsoft’s behalf were also used to break into customers of Microsoft’s Office 365 software.
  14.  
  15. Because resellers are often entrusted to set up and maintain clients’ software, they — like SolarWinds — have been an ideal front for Russian hackers and a nightmare for Microsoft’s cloud customers, who are still assessing just how deep into their systems Russia’s hackers have crawled.
  16.  
  17. “They couldn’t get into Microsoft 365 directly, so they targeted the weakest point in the supply chain: the resellers,” said Glenn Chisholm, a founder of Obsidian, a cybersecurity firm.
  18.  
  23. CrowdStrike confirmed Wednesday that it was also a target of the attack. In CrowdStrike’s case, the Russians did not use SolarWinds but a Microsoft reseller, and the attack was unsuccessful. A CrowdStrike spokeswoman, Ilina Dimitrova, declined to elaborate beyond a company blog post describing the attempted attack.
  24.  
  27. The approach is not unlike the 2013 attack on Target in which hackers got in through the retailer’s heating and cooling vendor.
  28.  
  31. The latest Russian attacks, which are thought to have begun last spring, have exposed a substantial blind spot in the software supply chain. Companies can track phishing attacks and malware all they want, but as long as they are blindly trusting vendors and cloud services like Microsoft, Salesforce, Google’s G-Suite, Zoom, Slack, SolarWinds and others — and giving them broad access to employee email and corporate networks — they will never be secure, cybersecurity experts say.
  32.  
  33. “These cloud services create a web of interconnections and opportunity for the attacker,” Mr. Chisholm said. “What we are witnessing now is a new wave of modern attacks against these modern cloud platforms, and we need 2021 defenses.”
  34.  
  35. Some reports have confused the latest development with a breach of Microsoft itself. But the company said it stood by its statement last week that it was not hacked, nor was it used to attack customers.
  36.  
  50. But the CrowdStrike discovery shows how the Russian hackers used its resellers to target its customers indirectly. CrowdStrike said in a blog post on Wednesday that hackers tried to read the company’s emails from a reseller account, but were not able to gain access to its data or systems.
  51.  
  52. United States officials did not detect the attack until recent weeks, and then only when a private cybersecurity firm, FireEye, alerted American intelligence that the hackers had evaded layers of defenses.
  53.  
  54. It was evident that the Treasury and Commerce Departments, the first agencies reported to be breached, were only part of a far larger operation whose sophistication stunned even experts who have been following a quarter-century of Russian hackings on the Pentagon and American civilian agencies.
  55.  
  56. The National Security Agency — the premier American intelligence organization that both hacks into foreign networks and defends national security agencies from attacks — apparently did not know of the breach in the network-monitoring software made by SolarWinds until it was notified last week by FireEye. The National Security Agency itself uses SolarWinds software.
  57.  
  58. Two of the most embarrassing breaches came at the Pentagon and the Department of Homeland Security, whose Cybersecurity and Infrastructure Security Agency oversaw the successful defense of the American election system last month.
  59.  
  60. The Russian hackers behind the attack broke into the email system used by top officials at the Treasury Department in July.
  61.  
  62. Computers at at least two dozen organizations — including Cisco, Intel, Nvidia, Deloitte and the California Department of State Hospitals — appear to have been hacked, The Wall Street Journal reported. Some of the groups, like Intel and Deloitte, said the attack did not affect their most delicate systems.
  63.  
  64. Nicole Perlroth is a cybersecurity reporter. Her first book, “This Is How They Tell Me The World Ends,” about the global cyber arms race, will publish in February 2021. @nicoleperlroth